Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Trojan:Android/Oldboot.A


Aliases:


Trojan:Android/Oldboot.A
Android.Oldboot

Malware
Trojan
Android

Summary

Trojan:Android/Oldboot is reportedly the first malware to infect the boot partition of the Android operating system (also known as a bootkit).



Disinfection & Removal

F-Secure's Mobile Security product blocks installation of this program with default settings.



Technical Details

Trojan:Android/Oldboot is reportedly most likely to have been distributed in a firmware update targeting Android devices in mainland China.

When the device is updated, the malicious code is included in the read-only physical boot partition of the device. Storing the code in this location means that it is restored fresh to the root directory of the operating system every time the device is rebooted, making attempts by security solutions to completely remove it from the file system ineffective.

While active, the bootkit reportedly performs such actions as monitoring and deleting SMS messages, stealing SMS message contents and forwarding them to a remote server and installing unwanted apps onto the device.

For more information, see:







Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice




Give advice. Get advice. Share the knowledge on our free discussion forum.

Scan and clean your PC




F-Secure Online Scanner will scan and clean your PC in just a few minutes for free