New Android Malware Targets Custom ROMs
According to Lookout Mobile Security, a new Trojan (jSMSHider) has surfaced in Android markets that currently targets Chinese Android users using custom ROMs.
Lookout describes what the malware can do if the install is successful:
If jSMSHider successfully installs the second stage payload, we mapped the capabilities that the malware can perform, which include:
- The ability to read, send and process incoming SMS messages (potentially for mTAN interception or fraudulent premium billing subscriptions)
- Installing apps transparently on ROMs with a platform signer from the AOSP
- Communication with a remote server using DES encryption and base64 encoding with a custom alphabet
- Dynamic C&C server addresses and check-in frequency
- Download an application from a URL and perform a silent install or update of the APK
- Open a URL silently in the background (using the device’s default User-Agent)
The company has gone on to claim that Lookout Free and Premium users are automatically protected from this threat and do not need to take further action. But if you're using another custom ROM, it's recommended that you check with the developer to see if a patch is available.
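The capability list above mentions silent installs on ROMs with a platform signer from the AOSP. As an added example (not from Lookout or the original article), the Python below parses a device's build properties and flags builds that declare AOSP test-keys signing. It is a heuristic, since these properties can be edited by whoever built the ROM; the function names and the sample build.prop excerpts are constructed for illustration.

```python
# Added example. Function names and sample data are constructed for illustration.
SIGNING_TAGS = ("test-keys", "dev-keys", "release-keys")

# Constructed build.prop excerpts (not taken from any real ROM).
CUSTOM_ROM_PROP = """
# begin build properties
ro.build.type=userdebug
ro.build.tags=test-keys
ro.build.fingerprint=example/rom/device:2.3.4/GRJ22/1234:userdebug/test-keys
"""
STOCK_PROP = """
ro.build.type=user
ro.build.fingerprint=example/stock/device:2.3.4/GRJ22/5678:user/release-keys
"""

def parse_build_prop(text):
    """Parse 'key=value' lines, skipping blank lines and '#' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def signing_tag(props):
    """Return the signing tag the build declares, or None if none is declared."""
    tags = [t.strip() for t in props.get("ro.build.tags", "").split(",")]
    for tag in SIGNING_TAGS:
        if tag in tags:
            return tag
    # Fall back to the last field of the fingerprint (".../user/release-keys").
    tail = props.get("ro.build.fingerprint", "").rsplit("/", 1)[-1]
    return tail if tail in SIGNING_TAGS else None

def assess(text):
    """Classify a build.prop text by its declared signing tag."""
    tag = signing_tag(parse_build_prop(text))
    if tag == "test-keys":
        return "flag: build declares AOSP test-keys signing"
    if tag is None:
        return "unknown: no signing tag declared"
    return "no flag: build declares " + tag

if __name__ == "__main__":
    for name, sample in (("custom", CUSTOM_ROM_PROP), ("stock", STOCK_PROP)):
        print(name, "->", assess(sample))
```

On a connected device the same property can be read with `adb shell getprop ro.build.tags`.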