What is rooting malware?  How do I protect my device?

      Rooting malware gains root access to the victim's device.  This gives it more control over the phone.

      This type of malware gets to our phone through apps, and we can even find it in apps published in the Play Store.

  Rooting a device brings many advantages, especially if you want to try out new functions or use specific apps that require superuser permissions.  The problem is that malware can sometimes use this to its advantage, causing us a lot of problems.  Rooting malware is precisely one of the kinds of malware that we should be wary of.

  What is rooting malware?

  Rooting malware works by gaining root access on the mobile device.  This allows it to control the phone and perform many actions that would not be possible without superuser access.

  Rooting the device is not a negative thing in itself; many people have root permissions on their devices.  In this way, they get administrative access to their data and the operating system, which provides more precise control over the device and the applications installed on it.

  However, we run the risk of getting infected with malware, and when this malware has root access, it can perform actions without our permission or even without our knowledge.  It uses administrator permissions to wreak havoc on the system.

  Fortunately, it is relatively uncommon to end up with rooting malware on our devices.  However, if we do find ourselves in this situation, it can present a great danger.

  How root malware spreads on mobile devices

  It generally enters the device through an infected app.  It could be a legitimate app that contains malware or an app designed solely to trick people into downloading it.

  No matter how it gets into our devices, we are unlikely to find this category of malware in apps that require rooting, ironically.  This is because the malware developer does not want the victim to know that the device has root access.

  As a result, it is very likely that we will find this malware in applications that do not require our phone to have root access.  That way it can do its job without us noticing.

  Most of the time, we will find infected apps on third-party websites.  However, official app stores like Play Store or Amazon Store are not immune to this category of malware.

  Recently, on October 28, 2021, Lookout Threat Lab found 19 apps infected with AbstractEmu malware on the Play Store, 7 of which targeted rooted devices.  One achieved 10,000 downloads before Google could remove it.

  It is essential to be aware of what is going on in our devices; anything strange should set off alarms.  The fact that an app is in the official store does not mean that it is completely safe.

  What does rooting malware do?

  Once the rooting malware enters the phone, it gains root access and unlocks the system for exploitation.  From this moment, the program begins to work according to what the developer wants: collecting personal information, displaying ads, etc.

  Once the software has infected our system, the developer can even use it to download and install more malware.  With root access, it can do this without us granting permissions and without us even noticing.

  For example, AbstractEmu malware installs an application on our devices called "Storage Settings".  The application itself does not contain any kind of malware; when you try to open it, it closes and opens the default application of the operating system.

  Although this application does not contain any malicious code per se, it contacts the developers' servers to download the malicious code.  This is how the malicious code enters our system.
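
  One way to look for apps that arrived without going through a store, as an added example that is not part of the original article: the script parses the output of `adb shell pm list packages -3 -i` and lists third-party packages whose recorded installer is missing or not on a trusted list.  The trusted list, the function names and the sample output are assumptions made for illustration.

```python
"""Flag third-party Android packages that were not installed by a known app store.

Input is the text output of:  adb shell pm list packages -3 -i
"""
import re

# Assumption: installers treated as trusted on this device; adjust to your own policy.
TRUSTED_INSTALLERS = {"com.android.vending", "com.amazon.venezia"}

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")


def parse_packages(output):
    """Return {package: installer or None} from `pm list packages -i` output."""
    packages = {}
    for raw in output.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # skip blank lines and anything that is not a package record
        installer = match.group("installer")
        packages[match.group("pkg")] = None if installer == "null" else installer
    return packages


def unexpected_installs(output, trusted=TRUSTED_INSTALLERS):
    """List (package, installer) pairs whose installer is missing or untrusted."""
    flagged = [
        (pkg, installer)
        for pkg, installer in parse_packages(output).items()
        if installer not in trusted
    ]
    return sorted(flagged, key=lambda item: item[0])


# Constructed sample output; package names are invented for illustration.
SAMPLE_OUTPUT = """\
package:com.example.notes  installer=com.android.vending
package:com.example.reader  installer=com.amazon.venezia
package:com.example.storagehelper  installer=null
package:com.example.flashlight  installer=com.example.othermarket
"""

if __name__ == "__main__":
    for pkg, installer in unexpected_installs(SAMPLE_OUTPUT):
        print(f"review: {pkg} (installer: {installer or 'none recorded'})")
```

  The installer field is metadata, and software running as root can alter it, so the result is a list of candidates to review rather than proof that a device is clean.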

  How to avoid rooting malware:

  The only way to avoid this is to be as careful as possible and be alert to any “strange” situation on our devices.  In order for malware to attack our phone, we have to download an infected app.  Therefore, it is necessary to be very careful with the applications we download.

  If we are going to download an app from an official store, the main thing is to check its reviews and ratings.  In addition, it is important to note how long ago it was published.  These malicious apps do not last long in the Google Store, so if the app has been in the store for more than a month, with good reviews and ratings, it is less likely to be infected.

  Another thing to keep in mind is the number of downloads.  The more people download the application, the more likely it is that some of them will report it if it contains malware.  So, the more downloads an app has, the stronger the sign that it is "safe".

  Obviously, on third-party websites, there are more possibilities to find this type of application.  It is essential to keep using official channels to reduce the chances of our devices getting infected.

  Another option is to use a phone antivirus.  A while ago, the use of security software for mobile devices was considered unnecessary.  Now it is recommended, due to the large number of malicious parties that develop Android malware.