Trojan-Downloader:Android/RootSmart forwards device details to a remote server, and downloads and installs additional applications onto the compromised device.
When detected during scanning, F-Secure SAFE will prompt you for a desired action. You may assess the detected file and choose to Uninstall, Quarantine or keep it installed on your device. More information about these options can be found at Help Center: Assess files detected during scanning.
More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
RootSmart disguises itself as an application whose Chinese-language name translates as 'Quick System Settings'.
Upon starting up, RootSmart connects to a command and control (CnC) server and forwards details of the device, including the International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI) numbers. It also downloads and installs additional applications from that server.
The malware also connects to a remote location to obtain files and scripts used for gaining root access on the compromised device and installing additional malicious components on the device.
This malware is discussed in further detail in: Q1 2012 Mobile Threat Report (PDF).
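The forwarding of IMEI and IMSI values described above can be hunted for on the network side. The following is an added example, not F-Secure's detection logic: it assumes the device's traffic is visible as cleartext HTTP in a proxy log, and the log format, hosts, parameter names and identifier values are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed proxy log lines: "<client> <method> <url>". Hosts, parameter
# names and identifier values are made up for this example.
SAMPLE_LOG = """\
10.0.0.21 GET http://cnc.example.invalid/reg?a=490154203237518&b=460001234567891&os=2.3.4
10.0.0.22 GET http://shop.example.invalid/order?id=123456789012345
10.0.0.23 GET http://cdn.example.invalid/img?ts=1328000000000&v=4901542032375180
"""

def luhn_valid(digits):
    """IMEIs end in a Luhn check digit; IMSIs have no check digit."""
    total = 0
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch)
        if pos % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_identifier_leaks(log_text):
    """Return one finding per request whose query string carries a
    Luhn-valid 15-digit value (IMEI-shaped). Other 15-digit values in the
    same request are reported as IMSI candidates."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:       # skip lines that do not fit the sample format
            continue
        client, _method, url = parts
        split = urlsplit(url)
        imeis, imsi_candidates = [], []
        for _name, value in parse_qsl(split.query):
            if re.fullmatch(r"\d{15}", value):
                (imeis if luhn_valid(value) else imsi_candidates).append(value)
        if imeis:
            findings.append({"client": client, "host": split.hostname,
                             "imei": imeis, "imsi_candidates": imsi_candidates})
    return findings

if __name__ == "__main__":
    for finding in find_identifier_leaks(SAMPLE_LOG):
        print(finding)
```

About one in ten random 15-digit numbers passes the Luhn check, so a hit is a lead to correlate with the destination host and the presence of a second 15-digit value, not a verdict on its own.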