Google has been improving the overall security of its Android platform, this allowed it to decrease malware occurrences, but malicious applications are still able to avoid these.
Researchers from lookout have identified a type of malware, targeting the Google Play app marketplace that lures users to download utilities and games. When installed, these utilities and games secretly root devices. The exploit gives attackers complete control over the infected device. Lookout discovered an application last week named LevelDropper that was determined as malicious. At first the app looked harmless, Lookout thought it was a simple app to use instead of a physical level, but upon deeper analysis of the app, it turned out to be malicious. It falls under the type of mobile malware that upon installation, silently roots a device in order to perform actions that requires higher privileges, this is termed as “auto-rooting malware”
According to Lookout researchers within 30 minutes after LevelDropper was launched for the first time on a compromised device, 14 new applications were installed without any kind of user interaction. Root exploitation are not new and trace back to 2011, previous examples include ShiftyBug, Shuanet, Shedun, and Brain Test, were removed from Google Play. These programs not only root affected devices but install additional applications on them as well. It has been observed that for the time being these apps are only being used to drive ad revenues. If you happen to be infected by LevelDropper, in order to get rid of the malware, simply perform a factory reset on the affected device. Lookout researchers worked with Google to have the LevelDropper app removed from Google Play.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street