For those unfamiliar, Google recently unveiled Bouncer, a service that has been around for a while and whose main purpose is to scan Android Market applications for patterns of potentially malicious code. According to Google, the Android Market has seen a 40% decrease in the number of potentially malicious downloads since Bouncer was implemented. However, a North Carolina State University professor and his team have discovered new Android malware that has the potential to bypass Google’s Bouncer and make its way onto the Android Market undetected.
According to Professor Xuxian Jiang, this particular malware has been dubbed “Rootsmart” and installs itself on the user’s Android device with no malicious code whatsoever. This helps it evade scans (such as Bouncer) that could potentially flag it as malware. Instead, the app slowly downloads malicious code from a remote server over the course of hours or days, and hides the data transfer in the phone’s communications. For those familiar with malicious Android code, the code being downloaded by Rootsmart is none other than “Gingerbreak”, an exploit that allows the hacker to gain complete access to the device.
At the moment, it seems that while Rootsmart does have the capability to bypass Bouncer, no evidence of it has been found on the Android Market so far. However, this does not mean that we’re safe. After all, it wasn’t too long ago that a fake Instagram app (possibly malware) was discovered in the Android Market and was quickly pulled. As usual, downloading from trusted sources and avoiding suspicious third-party app websites will go a long way in protecting your Android device from such malware.