Home > Threat descriptions >



Category: Malware

Type: Trojan-Downloader

Platform: Android

Aliases: Trojan-Downloader:Android/RootSmart, Trojan-Downloader:Android/RootSmart.A


Trojan-Downloader:Android/RootSmart forwards device details to a remote server, and downloads and installs additional applications onto the compromised device.


Automatic action

Once the scan is complete, the F-Secure security product will prompt you to assess the file and choose to Uninstall, Quarantine or keep it installed on your device.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

RootSmart disguises itself as a application whose Chinese-language name translates as 'Quick System Settings'.

Upon starting up, RootSmart connects to and forwards details of the device - including the International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI) number - to a command and control (CnC) server, from which it also downloads and installs additional applications.

The malware also connects to a remote location to obtain files and scripts used for gaining root access on the compromised device and installing additional malicious components on the device.


This malware is discussed in further detail in: Q1 2012 Mobile Threat Report (PDF).