
How to remove malware on Android devices that reinstalls itself

A variant of malware on Android devices removes and reinstalls itself when a device powers on or off. Learn how to completely eradicate the threat.

I read about a new strain of malware that is able to download, install and remove applications on a device, but disappears when the device is powered on. I also read that elements of the malware stay in the device and reinstall when the device is rebooted. How does this malware work and what should my enterprise do to eradicate it? Is there a way to truly get rid of it completely?

It is extremely common for malware, such as the bootkit Trojan Android.Oldboot, to download and install other applications to further the attacker's goals. Typically, the malware is just the initial point of entry onto the device; it then pulls down additional modules, such as a privilege-escalation exploit, to gain root access, and installs a rootkit to complete the rest of the attack and keep that access.

However, removing applications -- or the malware removing itself when a device is powered on -- is much less common. Some malware patches the vulnerability it used, or otherwise hardens the device, so that other attackers can't compromise the same system. These behaviours haven't been widely reported on Android, but they are common in Windows malware, which suggests that Android malware authors are adopting techniques proven on Windows. Android is built on the Linux kernel, and attack techniques from Linux systems are likewise being adapted to Android.

Much like a Windows bootkit, Android.Oldboot writes itself into the boot partition, so it is loaded during early boot every time the device is restarted. Because the boot partition is separate from the user-data partition where apps and settings live, this gives the malware persistence that uninstalling apps cannot touch, which is exactly what the malware needs to keep control of the device.

For most mobile malware, the easiest remedy is a full factory reset of the device. A factory reset only wipes the user-data and cache partitions, however; it does not rewrite the boot partition, so a bootkit such as Android.Oldboot survives it. The reliable fix is to reflash known-good firmware (at a minimum the boot and system images) from the device vendor. This is likely to be very difficult for end users, and since many enterprises don't support smartphones or Android, users will most likely need to go to a vendor or retailer for support.

Failing that, the only sure way to remove the malware from your enterprise is to replace the device with a new one from a known, trusted vendor or retailer.
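The reasoning above comes down to one question: has anything outside the user-data partition been modified? The script below is an added example, not code from the article or from any vendor, that checks the two things a factory reset never rewrites: the services declared in the boot partition's init.rc, compared against a baseline, and the boot image itself, compared by hash against a known-good value. The init.rc fragments and boot-image bytes are constructed samples, the injected service name is illustrative, and on a real device the baseline and reference hash would come from the vendor's factory image for that exact model and build, while the init.rc and boot image under test would be taken from a dump of the boot partition (for example from a recovery image) rather than from the running, possibly compromised, system.

```python
"""Added triage example (not from the article): tell a bootkit-style
infection apart from ordinary app malware by checking the two things a
factory reset never touches -- the boot image and the init.rc it carries."""
import hashlib
import re

# Constructed sample init.rc fragment (not dumped from a real device).
CLEAN_INIT_RC = """\
on boot
    class_start core

service ueventd /sbin/ueventd
    class core
    critical

service adbd /sbin/adbd --root_seclabel=u:r:su:s0
    class core
    disabled
"""

# The same file with one injected service stanza of the kind a bootkit adds
# so that init launches its loader on every boot. The name is illustrative.
INFECTED_INIT_RC = CLEAN_INIT_RC + """
service imei_chk /sbin/imei_chk
    class core
    user root
    oneshot
"""

# A `service` stanza starts with: service <name> <executable> [args...]
SERVICE_RE = re.compile(r"^service[ \t]+(\S+)[ \t]+(\S+)", re.MULTILINE)


def parse_services(init_rc: str) -> dict:
    """Map every service name declared in init.rc to its executable path."""
    return {name: path for name, path in SERVICE_RE.findall(init_rc)}


def unexpected_services(init_rc: str, baseline: dict) -> list:
    """Names of services missing from the baseline, or whose executable
    differs from the baseline (a renamed or replaced binary)."""
    found = parse_services(init_rc)
    return sorted(name for name, path in found.items() if baseline.get(name) != path)


def boot_image_matches(image: bytes, known_good_sha256: str) -> bool:
    """Compare a dumped boot partition against the vendor's reference hash."""
    return hashlib.sha256(image).hexdigest() == known_good_sha256


def triage(init_rc: str, boot_image: bytes, baseline: dict, known_good_sha256: str) -> dict:
    """Decide whether a factory reset is enough. A reset rewrites only the
    user-data and cache partitions, so any finding in init.rc or the boot
    image means the device needs known-good firmware reflashed (or replacing)."""
    rogue = unexpected_services(init_rc, baseline)
    hash_ok = boot_image_matches(boot_image, known_good_sha256)
    return {
        "unexpected_services": rogue,
        "boot_image_ok": hash_ok,
        "reflash_required": bool(rogue) or not hash_ok,
    }


# In practice the baseline and the reference hash come from the vendor's
# factory image for the exact model and build; here both are derived from
# the constructed clean samples above. The boot image bytes are a stand-in
# that only shares the "ANDROID!" magic with a real image.
BASELINE_SERVICES = parse_services(CLEAN_INIT_RC)
CLEAN_BOOT_IMG = b"ANDROID!" + b"\x00" * 56 + b"constructed-kernel-and-ramdisk-bytes"
KNOWN_GOOD_SHA256 = hashlib.sha256(CLEAN_BOOT_IMG).hexdigest()


if __name__ == "__main__":
    tampered = CLEAN_BOOT_IMG + b"\x90"
    print(triage(INFECTED_INIT_RC, tampered, BASELINE_SERVICES, KNOWN_GOOD_SHA256))
```

Two design points: the service check flags a changed executable path as well as a new service, because replacing `/sbin/adbd` with a trojanised copy elsewhere is as much a boot-partition modification as adding a stanza; and the verdict is deliberately binary, since any confirmed change outside user-data means a factory reset cannot be trusted and the device must be reflashed or replaced.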

Ask the Expert!
SearchSecurity expert Nick Lewis is ready to answer your enterprise threat questions -- submit them now! (All questions are anonymous.)

This was last published in July 2014


Join the conversation

2 comments


Hello All,
I have a Verizon Droid Turbo 2 infected with the plain "hummer" virus. The solution listed is to write the correct ROM, as it survives a hard reboot.
The Play Store app, if you read the fine print, says it may not work; the phone is unusable.
Any help appreciated,
ernest958
It seems getting the original ROM set for 7.0 for the 32 meg Verizon Droid Turbo 2 and writing it would be easiest and should work.
Ideas?
I'm at a stuck point, having to keep Wi-Fi off and no data over the phone, as it starts installing random Play Store apps.
Any help or pointer appreciated.
I can't believe there is no fix for the hummer virus.
ernest
