Showing posts from May, 2014

Android bootkit infects 350,000 devices

The first ever Android Trojan with bootkit capabilities has been discovered and analyzed by Dr.Web researchers, who warn that the malware is already operating on some 350,000 mobile devices around the world. The malware - dubbed Oldboot - resides in the memory of infected devices and launches itself early on in the OS loading stage, they say, and they believe that the Trojan is being distributed via modified firmware. To ensure persistence, the attackers have inserted one of the Trojan's components into the boot partition of the file system, and have altered the script that is tasked with initializing the OS components. "When the mobile phone is turned on, this script loads the code of the Trojan Linux library imei_chk, which extracts the files libgooglekernel.so and GoogleKernel.apk and places them in /system/lib and /system/app, respectively," the researchers explained.
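A defender's check for the artifacts named in the quote, written here as an added example (not code from Dr.Web or from the original post): it scans an unpacked firmware tree for the two dropped files, for any file named imei_chk, and for init scripts that reference it. The `*.rc` init-script convention and the sample tree layout (`init.rc`, `sbin/`) are assumptions; the sample tree is constructed, not real firmware.

```python
import tempfile
from pathlib import Path

# Indicator names taken from the researchers' description quoted above.
LOADER_NAME = "imei_chk"
DROPPED_FILES = ("system/lib/libgooglekernel.so", "system/app/GoogleKernel.apk")


def scan_firmware_tree(root):
    """Return sorted (kind, relative_path) findings for an unpacked firmware tree."""
    root = Path(root)
    findings = set()
    for rel in DROPPED_FILES:
        if (root / rel).is_file():
            findings.add(("dropped_file", rel))
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.name == LOADER_NAME:
            findings.add(("loader_binary", rel))
        # Assumption: the altered initialization script is an Android init *.rc file.
        if path.suffix == ".rc":
            for line in path.read_text(errors="replace").splitlines():
                stripped = line.strip()
                # Ignore commented-out lines so a note in a script is not a hit.
                if LOADER_NAME in stripped and not stripped.startswith("#"):
                    findings.add(("init_script_reference", rel))
    return sorted(findings)


def build_sample_tree(root, infected):
    """Create a constructed sample tree (layout assumed, contents are placeholders)."""
    root = Path(root)
    for d in ("sbin", "system/lib", "system/app"):
        (root / d).mkdir(parents=True, exist_ok=True)
    rc = "on boot\n    start servicemanager\n"
    if infected:
        rc += "service imei_chk /sbin/imei_chk\n    class core\n"
        (root / "sbin/imei_chk").write_bytes(b"constructed placeholder")
        for rel in DROPPED_FILES:
            (root / rel).write_bytes(b"constructed placeholder")
    (root / "init.rc").write_text(rc)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, rel in scan_firmware_tree(build_sample_tree(tmp, infected=True)):
            print(f"{kind}: {rel}")
```

Because the component described sits in the boot partition and the system files are re-extracted at startup, a hit on the init script or loader matters more than the two dropped files alone: deleting only the files under /system would not remove the part that restores them.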