Antivirus company NQ Mobile has discovered a variant of the DroidKungFu Android malware called DKFBootKit that targets users who have rooted their smartphones. The malware piggybacks on apps that would otherwise ask for root privileges anyway – and, once the user has agreed, sets up camp deep in the smartphone's boot sequence and replaces commands such as ifconfig and mount to help ensure it is started early in the boot sequence. Since the bootkit itself doesn't take advantage of any exploits, the security researchers say it is more difficult to catch.

NQ uses, as an example of an affected app, a tool that upgrades the free version of ROM Manager to the premium version. The report says that some tools for unlocking games or managing installed apps are also affected. The malware launches a bot component that contacts various command and control servers and waits for further commands. The company has not yet said what the bot is used for but reports having already seen more than one hundred files infected by DKFBootKit.

(fab)