Trojan targets devices with custom Android versions

A Trojan targeting rooted smartphones and those with custom built versions of Android has been spotted on third-party Android markets in China.

Lookout researchers have dubbed it jSMSHider, and in order to install its payloads, the Trojan exploits the fact that system images in most custom ROMs are signed with publicly available private keys in the Android Open Source Project.

“In the Android security model, any application signed with the same platform signer as the system image can request permissions not available to normal applications, including the ability to install or uninstall applications without user intervention,” explain the researchers.

That allows the Trojan to install another payload onto the device without asking the user for permission, and the device is not ready to install additional apps, communicate with C&C servers (whose addresses are dynamically changed), open URLs silently in the background and read and send SMS messages.