Rooting your phone is usually a good thing, but sometimes malware will do it for all the wrong reasons.
Owning a rooted phone is usually a positive thing that people want, but it’s not always the case. Sometimes, a malicious program can root your device without you realizing it, exposing you to all of the downsides while giving none of the good.
So, what is rooting malware, how does it work, and how do you stay safe from it? Let’s find out.
What Is Rooting Malware?
Rooting malware works by gaining root access to your phone. This gives the malware heightened control over your phone, allowing it to perform some really nasty deeds while it lurks on your system.
The term “rooting,” by itself, is not a bad thing. In fact, people root their phones all the time. When you root a phone, you get administrative access to its data and operating system. This gives you far greater control over its hardware and the apps installed on it.
As such, rooting is all well and good if you’re the one doing it. However, the key difference between rooting a phone yourself and rooting malware doing it for you is that the latter does it without your permission or knowledge. And while you’re blissfully unaware of what’s going on, the malware is using the elevated permissions to wreak havoc on your system.
Fortunately, rooting malware is one of the rarer kinds of malware you can end up downloading to your phone. However, its rarity is balanced out by the sheer damage it can cause.
How Does Rooting Malware Spread to Your Phone?
Typically, rooting malware makes its way onto your phone via an infected app. This can either be a legitimate app that’s laced with rooting malware, or an app designed specifically to trick people into downloading it.
Although the malware’s goal is to root your phone, you likely won’t find it in fake rooting apps. That’s because the malware developer doesn’t want the victim to know that their phone is rooted. As such, you’re more likely to find rooting malware in apps that have nothing to do with rooting, so that the malware can do its work undetected.
You’ll usually find these infected apps on shady third-party websites advertising app file downloads. However, that’s not to say that the official app stores are immune to rooting malware.
On October 28, 2021, Lookout Threat Lab found 19 apps infected with the AbstractEmu malware strain on the Google Play store, seven of which had rooting capabilities. One of these infected apps garnered 10,000 downloads before Google could pull the plug on it.
As such, it’s important to stay vigilant against phone malware, even on an official app store. Just because an app is listed there doesn’t mean it’s 100% safe.
What Does Rooting Malware Do?
Once rooting malware gets onto your phone, it first does what its name suggests. It gains root access to your phone, which then essentially unlocks the whole system for the malware to exploit.
From here, what the malware does depends largely on the intent of the developer. If the malware developer wants to harvest personal information, they can tell the malware to do that. If the developer wants to earn revenue, they may set up a program with root access that shows excessive ads.
In fact, once the rooting malware gets its foothold on your system, a developer can use that entryway to download and install even more malware. And because it has root access, it can do that without any additional permissions from you.
The AbstractEmu malware we covered above even installed a brand new app on your phone, called “Settings Storage.” The app itself held no malicious code, and if you tried to open it, it would quietly close itself and load up your operating system’s default settings app instead.
However, while it didn’t contain any bad code itself, it would occasionally call home to the developer’s servers and download malicious code. And this is something malware can easily do with root access.
How to Avoid Downloading Rooting Malware
The best defense against rooting malware is common sense. For the malware to attack you, you need to download and install an infected app. As such, recognizing where infected apps tend to lurk is a huge step toward protecting yourself from them.
Third-party websites are the worst for malware. There are a few websites and app stores out there that people find trustworthy, but in general, the majority of websites either have an ulterior motive or don’t have the proper security set up to scan uploaded apps.
As such, try to keep to official channels if you can. If you have to go through a third-party app website due to restrictions, be sure you get it from a trustworthy source.
However, as we covered before, official app stores aren’t immune either. Fortunately, you have a valuable weapon in your arsenal for spotting shady apps: their statistics.
Malware on official app stores doesn’t last very long. As such, if you want to stay safe, look for apps that a) have been around the app store for a while, and b) have a high number of downloads. These apps are far, far less likely to contain malware than new apps with low download numbers.
Malicious apps typically use some kind of ploy to garner downloads as quickly as possible. They may disguise themselves as a well-loved app, or advertise themselves as a must-have app for fans of a hot new movie or game. Don’t blindly download these; instead, take care and ensure you don’t riddle your phone with malware!
And, of course, there are smartphone antivirus solutions. While it was once thought of as weird to download mobile antivirus, smartphone malware has become so prolific that it’s no longer a joke.
Getting to the Root of the Problem
While rooting malware isn’t the most prolific kind out there, it can do substantial damage to your device should you download it. Fortunately, there are ways to prevent rooting malware from making its way onto your phone, such as taking care with what you download and installing an antivirus.
Google Play has had a rough time with malware. For instance, Google had to remove FlixOnline after it harbored malware that spread via WhatsApp.