A new strain of auto-rooting malware has been detected on the Google Play Store. This class of malware has a new member, LevelDropper.
The security firm Lookout discovered the app last week and published evidence of the new strain of malware it carries. Normally, an app cannot download and install another app on its own, without the user's permission or any interaction, unless it has access to the package manager. From the behavior it observed, Lookout therefore concluded that LevelDropper had the capability to auto-root the device.
In a blog post, the company wrote that the term ‘auto rooting malware’ is used for a class of mobile malware that silently roots the device so that it can perform actions that normally require more privileges.
They also wrote that, at first glance, LevelDropper seems like a simple, conventional app meant to be used in place of the physical level you would take from a toolbox. Deeper analysis, however, revealed its malicious behavior and characteristics. In this particular case, the app stealthily roots the device and goes on to install further applications on the victim’s device.
A few minutes after the app is installed, new apps that were not previously on the phone begin to appear, all without the user being prompted to install anything.
At first, the firm says, only two apps are installed on the device. But the longer the app stays on the device, the more apps appear. After only 30 minutes, the researchers found that at least 14 applications had already been downloaded, all without any permission from or interaction with the user. The malicious app is also believed to have root privileges, which it uses to display obstructive ads in ways that make them difficult to get around.
Technically, an app must have root access to install other apps without permission, and LevelDropper is stealthy about that too.
The researchers said that when they looked over the system directory, there was no indication that the device had been rooted. The only evidence the group says it could uncover was that the partition was writable; any other evidence had been removed.
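The two indicators described above (a partition that is unexpectedly writable, and apps that appear without the user installing them) can be checked from data pulled off a device. The following is an added example, not code from Lookout or from the original article. It assumes the partition in question is `/system` and that the inputs are the text of `/proc/mounts` and of `pm list packages`; the function names and all sample data are constructed for illustration.

```python
# Added example: triage of two indicators from the article, on constructed data.
EXPECTED_READ_ONLY = {"/system"}  # assumption: the partition meant is /system


def writable_mounts(proc_mounts, expected_ro=EXPECTED_READ_ONLY):
    """Return mount points that should be read-only but carry the 'rw' option."""
    flagged = []
    for line in proc_mounts.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        mount_point, options = fields[1], fields[3].split(",")
        if mount_point in expected_ro and "rw" in options:
            flagged.append(mount_point)
    return flagged


def parse_packages(pm_output):
    """Parse `pm list packages` output ('package:<name>' per line) into a set."""
    return {line.split(":", 1)[1].strip()
            for line in pm_output.splitlines()
            if line.startswith("package:")}


def new_packages(before, after):
    """Packages present in the later snapshot but not in the earlier one."""
    return sorted(parse_packages(after) - parse_packages(before))


# Constructed sample data (not taken from a real device or from Lookout's report).
SAMPLE_MOUNTS = """\
rootfs / rootfs ro,seclabel 0 0
/dev/block/by-name/system /system ext4 rw,seclabel,relatime 0 0
/dev/block/by-name/userdata /data ext4 rw,seclabel,nosuid,nodev 0 0
"""
SNAPSHOT_T0 = "package:com.android.settings\npackage:com.example.level\n"
SNAPSHOT_T30 = ("package:com.android.settings\npackage:com.example.level\n"
                "package:com.example.unknown1\npackage:com.example.unknown2\n")

if __name__ == "__main__":
    print("unexpectedly writable:", writable_mounts(SAMPLE_MOUNTS))
    print("appeared since baseline:", new_packages(SNAPSHOT_T0, SNAPSHOT_T30))
```

A writable `/data` is normal and is not flagged; only mount points listed in `EXPECTED_READ_ONLY` are checked.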
Lookout claims that LevelDropper might be a new breed of mobile malware.