Threat description




Trojan-Downloader:Android/RootSmart forwards device details to a remote server, and downloads and installs additional applications onto the compromised device.


Automatic action

When detected during scanning, F-Secure SAFE will prompt you for a desired action. You may assess the detected file and choose to Uninstall, Quarantine or keep it installed on your device. More information about these options can be found at Help Center: Assess files detected during scanning.


More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

For further assistance, F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.

Technical Details

RootSmart disguises itself as a application whose Chinese-language name translates as 'Quick System Settings'.

Upon starting up, RootSmart connects to and forwards details of the device - including the International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI) number - to a command and control (CnC) server, from which it also downloads and installs additional applications.

The malware also connects to a remote location to obtain files and scripts used for gaining root access on the compromised device and installing additional malicious components on the device.


This malware is discussed in further detail in: Q1 2012 Mobile Threat Report (PDF).

Submit a Sample

Suspect a file or URL was wrongly detected? Send it to our Labs for further analysis

Submit a Sample

Protect your life on every device

F-Secure SAFE looks out for you and the people close to you, on every device

More Info