DKFBootKit can be integrated into the boot process and run up to the initiation of the platform.
According to the study of NQ Mobile Security, which specializes in mobile security, the Internet appeared MBR-rootkit for Android – DKFBootKit. How to specify experts malicious application can be integrated into the boot process of the operating system, which greatly complicates the detection of the virus.
According to research, DKFBootKit trying to introduce themselves in the processes of applications that have root-access on the device. Built into the system partition with the possibility of rewriting, it is copied to the directory library / system / lib, and replaces a number of tools such as ifconfig and mount, as well as a startup script.
With these manipulations malicious application provides its own run to the initiation of the platform. Next DKFBootKit establishes a connection to a remote server and waits for malicious commands. According to the experts, having root-access, virus writers will be able to remotely execute on the device, any action.
In NQ Mobile Security also noted that at the moment DKFBootKit managed to find 50 legitimate applications, has infected more than 1,600 units over the past two weeks.
More on the research here.