There is some new malware targeting custom ROMs. This Trojan primarily focuses on the low-end Chinese builds. The Lookout Mobile Security group blogged about this finding. < Link > They have identified at least eight different instances of the Trojan jSMSHider. The current potential of compromise is low, but you should be aware. This could easily migrate to other ROMs, and the impact could create a problem of trust with community builds or custom ROMs.
The application would appear to be installed as a default build application. This type of Trojan tries to take control over the mobile phone functionality by rooting the phone. jSMSHider exploits a vulnerability in the way most custom ROMs sign the system image. Publicly available private keys in the Android Open Source Project (AOSP) are commonly used to sign the custom builds. The end result is that this exploit attempts to install custom commands and receive instructions from external servers. Information could be passed back, and the device could be used to connect, if possible, to a costly SMS service.
Most AV products for Android would identify and protect from this compromise attempt. The problem is most individuals who use custom ROMs do not want the CPU impact from an Android AV product. The best recommendation is to be aware, and be cautious of unknown custom/community build ROMs.