New Malware Targets Android Users of Custom ROMs

A new risk has been discovered for users who root their Android smartphones to run custom ROMs: a security firm has found malware, named jSMSHider, that can attack those handsets. The malware exploits the fact that unofficial ROMs rely on a key that is publicly listed in the Android Open Source Project. Using that weakness, it can install apps without the user's permission, talk to an external server, send and receive text messages, and load links in a web browser without the user's knowledge.

jSMSHider exploits a vulnerability found in the way most custom ROMs sign their system images. The issue arises since publicly available private keys in the Android Open Source Project (AOSP) are often used to sign the custom ROM builds. In the Android security model, any application signed with the same platform signer as the system image can request permissions not available to normal applications, including the ability to install or uninstall applications without user intervention.
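A defender-side check for the condition described above, as an added example that is not from the original article or from Lookout: it flags user-installed apps that share the system image's platform signer and request the silent install/uninstall permissions. The inventory format, package names and fingerprints are constructed placeholders; the real fingerprint of the public AOSP key would replace the placeholder.

```python
# Added example: triage an exported app inventory for the jSMSHider precondition.
# Assumption: the inventory (name, APK path, signer fingerprint, requested
# permissions) was collected separately; every value below is constructed.

# Placeholder for the fingerprint of a publicly available platform key.
PUBLIC_PLATFORM_KEYS = {"AA" * 32}

# Permissions that allow installing or uninstalling apps without user intervention.
SILENT_INSTALL_PERMS = {
    "android.permission.INSTALL_PACKAGES",
    "android.permission.DELETE_PACKAGES",
}

def platform_signer(packages):
    """Signer of the framework package ("android"), i.e. the platform key."""
    return next((p["signer"] for p in packages if p["name"] == "android"), None)

def rom_uses_public_key(packages):
    """True if the system image is signed with a known publicly available key."""
    return platform_signer(packages) in PUBLIC_PLATFORM_KEYS

def risky_apps(packages):
    """User-installed apps that share the platform signer and ask for silent install rights."""
    platform = platform_signer(packages)
    hits = []
    for p in packages:
        user_installed = p["path"].startswith("/data/app/")
        same_signer = platform is not None and p["signer"] == platform
        wanted = SILENT_INSTALL_PERMS & set(p["permissions"])
        if user_installed and same_signer and wanted:
            hits.append((p["name"], sorted(wanted)))
    return hits

# Constructed sample inventory.
SAMPLE = [
    {"name": "android", "path": "/system/framework/framework-res.apk",
     "signer": "AA" * 32, "permissions": []},
    {"name": "com.example.settings", "path": "/system/app/Settings.apk",
     "signer": "AA" * 32, "permissions": ["android.permission.INSTALL_PACKAGES"]},
    {"name": "com.example.game", "path": "/data/app/com.example.game-1.apk",
     "signer": "BB" * 32, "permissions": ["android.permission.INSTALL_PACKAGES"]},
    {"name": "com.example.updater", "path": "/data/app/com.example.updater-1.apk",
     "signer": "AA" * 32,
     "permissions": ["android.permission.INSTALL_PACKAGES", "android.permission.SEND_SMS"]},
]

if __name__ == "__main__":
    print("ROM signed with public key:", rom_uses_public_key(SAMPLE))
    for name, perms in risky_apps(SAMPLE):
        print("review:", name, perms)
```

An app signed with a different key (`com.example.game` here) is not flagged even though it requests the permission, because the platform would not grant it.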

Lookout Internet Security did not say which custom ROMs were affected, though the recent version 7 of CyanogenMod does patch that vulnerability.


So while rooting has certain benefits, users should also know its potential drawbacks, including the security risks that come with rooting and/or running custom ROMs and unauthorized apps. Additionally, rooting may void your warranty.

Via: Electronista