Zihang Xiao, posted on Jan 18, 2014 (Chinese edition)

Oldboot: the first bootkit on the Android platform

Qihoo 360 Technology Co. Ltd. (NYSE: QIHU)

Zihang Xiao, Qing Dong, Hao Zhang and Xuxian Jiang

——

Recently we discovered an Android Trojan that uses a new attack method: it modifies the device's boot partition and its boot configuration script so that, early in system startup, a system service is created and malware is dropped. Because the boot partition is loaded as a RAM disk, no antivirus product can remove it completely. We have named this Trojan family Oldboot. As far as we know, it is the first bootkit found on the Android platform.


Zihang Xiao, posted on Jan 17, 2014

Oldboot: the first bootkit on Android

Qihoo 360 Technology Co. Ltd. (NYSE: QIHU)

Zihang Xiao, Qing Dong, Hao Zhang and Xuxian Jiang

Jan 17, 2014

——

A few days ago we found an Android Trojan that uses a brand new method: it modifies the device's boot partition and boot script so that a system service is launched and malicious applications are dropped during the early stage of system boot. Because the boot partition is loaded as a RAM disk, no current mobile antivirus product can completely remove this Trojan or effectively repair the system. We named this Android Trojan family Oldboot. As far as we know, this is the first bootkit found in the wild on the Android platform.
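The persistence both abstracts describe lives in the boot partition's ramdisk: a binary added to the initramfs plus a `service` stanza in an init `.rc` file, which init starts before any user-space antivirus is running, and which a reinstall of the user-space components does not touch. The practical check is therefore to unpack a dump of the boot partition and diff its ramdisk contents and init services against a known-good boot image from the same firmware build. The following is an added example and is not code from the Oldboot report or from Qihoo 360: it parses the classic Android boot image header and the gzip-compressed `newc` cpio ramdisk, extracts every `service` stanza from `init*.rc`, and reports files and services present in the suspect image but absent from the baseline. The two sample images, the `/sbin/boot_helper` binary and the `boot_helper` service name are constructed for illustration and do not come from the report.

```python
"""Inventory the ramdisk of an Android boot image and diff it against a
known-good image to spot init services or files injected into the boot
partition.  Added example, not code from the Oldboot report; all sample
images, file names and service names below are constructed."""
import gzip
import io
import re
import struct

BOOT_MAGIC = b"ANDROID!"
# Classic boot image header: magic, kernel/ramdisk/second size+load address,
# tags address, page size, two unused words, product name, cmdline, id.
_HDR = struct.Struct("<8s10I16s512s32s")


def _page_up(n, page):
    return (n + page - 1) // page * page


def extract_ramdisk(boot_img: bytes) -> bytes:
    """Return the decompressed ramdisk (a cpio archive) of a boot image."""
    fields = _HDR.unpack_from(boot_img, 0)
    if fields[0] != BOOT_MAGIC:
        raise ValueError("not an Android boot image")
    kernel_size, _, ramdisk_size, _, _, _, _, page = fields[1:9]
    off = page + _page_up(kernel_size, page)      # header page, then kernel
    raw = boot_img[off:off + ramdisk_size]
    return gzip.decompress(raw) if raw[:2] == b"\x1f\x8b" else raw


def parse_cpio_newc(data: bytes) -> dict:
    """Parse a 'newc' (magic 070701) cpio archive into {path: contents}."""
    files, pos = {}, 0
    while pos + 110 <= len(data):
        hdr = data[pos:pos + 110]
        if hdr[:6] != b"070701":
            raise ValueError("bad cpio header at offset %d" % pos)
        f = [int(hdr[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        filesize, namesize = f[6], f[11]
        name = data[pos + 110:pos + 110 + namesize - 1].decode()
        body_off = (pos + 110 + namesize + 3) & ~3   # header+name padded to 4
        if name == "TRAILER!!!":
            break
        files[name] = data[body_off:body_off + filesize]
        pos = (body_off + filesize + 3) & ~3         # data padded to 4
    return files


SERVICE_RE = re.compile(r"^service\s+(\S+)\s+(\S+)(.*)$")


def parse_services(rc_text: str) -> dict:
    """Map service name -> executable, args and option lines of an init .rc."""
    services, cur = {}, None
    for line in rc_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = SERVICE_RE.match(stripped)
        if m:
            cur = m.group(1)
            services[cur] = {"exec": m.group(2), "args": m.group(3).split(), "options": []}
        elif line[:1].isspace() and cur:          # indented line: option of current stanza
            services[cur]["options"].append(stripped)
        else:
            cur = None                            # 'on', 'import', ... end the stanza
    return services


def inventory(boot_img: bytes) -> dict:
    files = parse_cpio_newc(extract_ramdisk(boot_img))
    services = {}
    for path, body in files.items():
        if re.fullmatch(r"init(\..*)?\.rc", path):
            for name, svc in parse_services(body.decode(errors="replace")).items():
                services[name] = dict(svc, rc=path)
    return {"files": files, "services": services}


def diff_inventories(baseline: dict, suspect: dict) -> dict:
    """Files and services that the suspect image adds or changes relative to baseline."""
    added = sorted(p for p in suspect["files"] if p not in baseline["files"])
    changed = sorted(p for p in suspect["files"]
                     if p in baseline["files"] and suspect["files"][p] != baseline["files"][p])
    new_svc = {n: s for n, s in suspect["services"].items() if baseline["services"].get(n) != s}
    return {"added_files": added, "changed_files": changed, "new_services": new_svc}


def scan(suspect_img: bytes, baseline_img: bytes) -> dict:
    return diff_inventories(inventory(baseline_img), inventory(suspect_img))


# ---- constructed sample images (not real firmware) --------------------------
def build_cpio_newc(files: dict) -> bytes:
    out, ino = io.BytesIO(), 1
    for name, body in list(files.items()) + [("TRAILER!!!", b"")]:
        hdr = "070701" + "".join("%08x" % v for v in (
            ino, 0o100755, 0, 0, 1, 0, len(body), 0, 0, 0, 0, len(name) + 1, 0))
        out.write(hdr.encode() + name.encode() + b"\0" + b"\0" * (-(110 + len(name) + 1) % 4))
        out.write(body + b"\0" * (-len(body) % 4))
        ino += 1
    return out.getvalue()


def build_boot_img(kernel: bytes, ramdisk_cpio: bytes, page: int = 2048) -> bytes:
    ramdisk = gzip.compress(ramdisk_cpio)
    hdr = _HDR.pack(BOOT_MAGIC, len(kernel), 0x10008000, len(ramdisk), 0x11000000,
                    0, 0x10F00000, 0x10000100, page, 0, 0,
                    b"sample".ljust(16, b"\0"), b"console=ttyS0".ljust(512, b"\0"), b"\0" * 32)
    return (hdr.ljust(page, b"\0") + kernel.ljust(_page_up(len(kernel), page), b"\0")
            + ramdisk.ljust(_page_up(len(ramdisk), page), b"\0"))


CLEAN_RC = """\
# constructed stock init.rc excerpt
import /init.usb.rc

on init
    mkdir /data 0771 system system

service ueventd /sbin/ueventd
    class core
    critical

service adbd /sbin/adbd --root_seclabel=u:r:su:s0
    class core
    disabled
"""
# Hypothetical infected variant: an extra 'core' class service whose binary was
# added to the ramdisk, so it runs before any user-space component.
INFECTED_RC = CLEAN_RC + """
service boot_helper /sbin/boot_helper
    class core
    user root
    oneshot
"""
CLEAN_FILES = {"init.rc": CLEAN_RC.encode(), "init.usb.rc": b"# usb\n",
               "sbin/ueventd": b"\x7fELF-stub", "sbin/adbd": b"\x7fELF-stub"}
INFECTED_FILES = dict(CLEAN_FILES, **{"init.rc": INFECTED_RC.encode(),
                                      "sbin/boot_helper": b"\x7fELF-stub-payload"})
KERNEL = b"zImage-stub"
CLEAN_IMG = build_boot_img(KERNEL, build_cpio_newc(CLEAN_FILES))
INFECTED_IMG = build_boot_img(KERNEL, build_cpio_newc(INFECTED_FILES))

if __name__ == "__main__":
    report = scan(INFECTED_IMG, CLEAN_IMG)
    for p in report["added_files"]:
        print("added file:  ", p)
    for p in report["changed_files"]:
        print("changed file:", p)
    for name, svc in report["new_services"].items():
        print("new service: ", name, svc["exec"], svc["options"], "in", svc["rc"])
```

On a real device the baseline is the boot image of the same firmware build (extracted from the vendor's update package), and the suspect image is a raw dump of the boot partition; a file added under `/sbin` together with a new `class core` stanza is exactly the signal the abstract describes, and it is only visible by inspecting the partition itself, because the running ramdisk is rebuilt from it on every boot.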
