
The ABC of Cybersecurity – Android Threats: R is for Rooting Trojan

Android is no stranger to malware, especially with the proliferation of mobile devices sporting Google’s mobile operating system. Threats have traditionally targeted Windows-based systems, but with more than 2 billion active Android devices in the world, it makes sense for cybercriminals to start developing threats for Android-running devices.

While SMS-sending Trojans are usually quite popular, especially since they present an easy way of making money, rooting Trojans are among the most devious threats. Rooting Trojans are designed to take full remote control over a device, enabling the attacker to access any type of stored information, as if actually holding the device.

While some users might want to root their devices themselves, either to delete pre-installed applications that normally cannot be removed or to change the Android version the device is running, rooting Trojans are usually installed without the user’s knowledge.

What is Rooting?

Rooting an Android device is much like gaining Admin rights on your Windows PC. Once you’ve done that, you can install or delete any app you want. You can install apps on SD cards instead of the phone’s internal memory, or tweak or overclock the device to unlock some performance boost. While some expert users do it, it’s a risky process that could lead to bricking the device, rendering it inoperable.

Since rooting a device obviously voids the warranty, it’s recommended to avoid the process: besides voiding the warranty, it also allows threats to gain a more permanent foothold on the system if the device is infected. Ultimately, it’s a matter of choice if a user wants full control over the device, but it’s not for the faint-hearted.

For lack of a better description, rooting is like redecorating your house by yourself. If you’re capable of doing that from scratch without any help and actually pulling off a great job, you might as well do it. Otherwise, you’re better off leaving it to professionals or you might cause more damage than you can afford to repair.

Since rooting involves the use of security vulnerabilities to gain administrative privileges over the operating system, this may leave the phone vulnerable to malware that can completely seize control of the device.

For example, imagine driving a stock car that’s limited to 60 miles per hour. However, by tinkering with its onboard software, you can remove that restriction. While that might give you the extra power you wanted, the extra performance might not have an overall positive effect on your engine and turbine, as they will work above normal usage parameters.

Consequently, rooting an Android device might be similar, as you’re technically bypassing some built-in safety and security features that guarantee optimal performance of the operating system.

Android Rooting Trojans

Malware can sometimes leverage vulnerabilities in unpatched Android operating systems to get the device to install threats and tools that would allow an attacker to secretly control the device remotely. Since the attacker has administrative privileges, he would have unrestricted remote access to any document, photo, text message, or any other feature that the smartphone has.

Remote Access Trojans (RATs) are usually popular on Android, as they enable attackers to leverage seemingly legitimate applications to exploit vulnerabilities within the mobile operating system and take control of it.

For example, imagine downloading a seemingly legitimate application that claims to install some camera filters for taking photos. However, once installed it seizes control of the entire mobile operating system, allowing the attacker to covertly install any spying application without it showing up in your uninstall manager.

For example, there has actually been a rooting Trojan that managed to slip into Google Play. The application was submitted as a perfectly legitimate color block game, following which attackers would update it with malicious code. After the malicious update reached the device and gained system privileges, it had the ability to covertly install applications from third-party marketplaces – potentially malicious – without the user’s knowledge. After successfully doing that, the application was once again updated with a benign version so as not to stir suspicion.

In this actual scenario, attackers would have been able to access any type of information stored on the device, remotely install or remove applications, or even trigger on-device features – such as camera, microphone, etc. – for eavesdropping purposes.

How to Stay Safe

By installing applications from trusted marketplaces, you reduce the chances of accidentally installing rooting Trojans or any type of threat. But even Google Play is not immune to malware, as some have managed to infiltrate.

Regularly updating the mobile OS with its latest security patches is highly recommended, as attackers then cannot use known vulnerabilities to their own advantage. Since smartphones hold just as much personal data as traditional PCs, if not more, everyone is encouraged to always have a mobile security solution installed, as they’re usually highly capable of identifying malicious apps from official marketplaces and third-party ones.

A mobile security solution can promptly identify any malicious application that’s packing rooting capabilities – as it’s not exactly legitimate behavior – keeping users safe from attackers trying to remotely control their device. Whether the application is downloaded via third-party marketplaces or simply delivered via a malicious URL, a mobile security solution is capable of blocking both the malware-serving URL and the actual application before it is installed. Consequently, a mobile security application is capable of securing your device and data from a wide range of attack vectors.
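Because the Trojan described above covertly installs apps from third-party marketplaces after gaining root, one manual check is to review which installer each user app came from and whether a `su` binary is present. The following is an added example, not from the original article: it parses saved output of `adb shell pm list packages -3 -i`, and the sample data, package names and trusted-installer set are constructed assumptions.

```python
import re

# Installers treated as trusted in this example (assumption; adjust to your policy).
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store

# Common locations of a su binary on rooted devices (not an exhaustive list).
SU_PATHS = {"/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su"}

# Line format printed by `pm list packages -i`: package:<name>  installer=<name|null>
PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")


def sideloaded_packages(pm_output):
    """Return {package: installer} for user apps not installed by a trusted store."""
    flagged = {}
    for line in pm_output.splitlines():
        match = PKG_LINE.match(line.strip())
        if not match:
            continue  # skip blank lines and anything that is not a package record
        package, installer = match.groups()
        if installer not in TRUSTED_INSTALLERS:
            flagged[package] = installer  # "null" means no installer was recorded
    return flagged


def su_binaries(existing_paths):
    """Return the paths from a device file listing that match known su locations."""
    return sorted(p.strip() for p in existing_paths if p.strip() in SU_PATHS)


# Constructed sample of `adb shell pm list packages -3 -i` output (not real data).
SAMPLE_PM = """\
package:com.example.colorblocks  installer=com.android.vending
package:com.example.flashlight  installer=null
package:com.example.cleaner  installer=com.example.thirdpartystore
"""

# Constructed sample of paths found to exist on the device (not real data).
SAMPLE_PATHS = ["/system/bin/sh", "/system/xbin/su", "/system/bin/toolbox"]

if __name__ == "__main__":
    for package, installer in sideloaded_packages(SAMPLE_PM).items():
        print(f"review: {package} (installer: {installer})")
    for path in su_binaries(SAMPLE_PATHS):
        print(f"root indicator: {path}")
```

A clean result is not proof of a clean device, since malware that already holds root can alter what the package manager and file listings report.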

About the author


Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past couple of years. He is the youngest and most restless member of the Bitdefender writer team and he covers mobile malware and security topics with fervor and a twist. His passions revolve around gadgets and technology, and he's always ready to write about what's hot and trendy out there in geek universe.


  • Yes, that's what happened to my Polaroid tablet with Android 4.4 KitKat on it. Hacked by a trojan and IT cannot be removed. The device has been rooted, and NOT BY ME, THE OWNER. Every time I try to work on it I get the message: google play services has stopped. I even tried to do a factory reset, but even that failed; the message about google play services has stopped is still appearing. Don't know what to do now. I'd probably best bring the tablet to a garbage-recycling point.

    • In the meantime keep it in a bag in the garage. It can spy on your family from the camera and microphone. Sorry to hear that.

  • OK, but if the device seller has stopped updating the device OS, and the OS version currently has many vulnerabilities open everywhere, the user has the right and also the need to try to upgrade the OS in a different manner, and this is also the only security response possible, apart from bricking the device with a hammer