RootSmart Android Malware May Be Able To Sneak By Google’s New Bouncer (Update)

Remember that Bouncer Google put in the Android Market to act as a goalie for all potential malware attacks?

It would seem that Google’s Bouncer doesn’t catch everything as Professor Xuxian Jiang, the same guy who discovered dozens of other Android malware attacks, has found yet another exploit called RootSmart.

RootSmart works very similarly to a proof-of-concept app built by Jon Oberheide, by “dynamically fetching the GingerBreak root exploit from a remote server and then executing it to escalate its privilege.” This basically means that a malicious RootSmart app installs itself on the device with virtually no malicious code whatsoever, and the code is then fed to the app/device from remote servers.

Since Bouncer works by scanning for known bits of malicious code, it makes RootSmart a very difficult bit of malware to find. However, RootSmart has not been found within the official Android Market thus far. Still, double check your permissions when downloading an app and make sure to read customer reviews.

We’ve reached out to Google for a comment on RootSmart and will get back to you as soon as we hear something.

Update: It would seem as though Google has actually patched the GingerBreak exploit (for devices running ICS, Honeycomb, and devices updated to Gingerbread after May 2011), the same one employed by RootSmart to gain access to devices. Since it’s already been patched, and there’s no evidence of RootSmart hitting the Android Market, it’s unfair to say that Bouncer has been (or can be) bypassed at this time.