Trojan-Downloader:Android/RootSmart forwards device details to a remote server, and downloads and installs additional applications onto the compromised device.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
RootSmart disguises itself as a application whose Chinese-language name translates as 'Quick System Settings'.
Upon starting up, RootSmart connects to and forwards details of the device - including the International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI) number - to a command and control (CnC) server, from which it also downloads and installs additional applications.
The malware also connects to a remote location to obtain files and scripts used for gaining root access on the compromised device and installing additional malicious components on the device.
This malware is discussed in further detail in: Q1 2012 Mobile Threat Report (PDF).