PocketDroid Alert: New Trojan Affecting Android Devices – DroidKungFu Backdoor

Share article:

 

A week just passed since our last warning regarding, new malware affecting Android devices, that anti viral companies discovered a new strain of malware filed under the name of DroidKungFu.

According to F-Secure this new malware has been detected utilizing the root exploit “Rage Against The Cage”, which is labeled by the anti-virus corp as Trojan/Backdoor: Android/DroidKungFu.A.

 

 

This new malware is embedded on a trojanized application that may require a root access in order to conceal itself. First it needs to get installed disguised as another application and after that tries to gain root access in order to install the com.google.ssearchapplication, which guides the DroidKungFu’s service component that will start a servicecom.google.ssearch.Receiver.

The malware runs as a backdoor, notice the double “SS” in the screenshot. Here are some of its capabilities that F-Secure discovered:

•  execDelete — execute command to delete a supplied file
•  execHomepage — execute a command to open a supplied homepage
•  execInstall — download and install a supplied APK
•  execOpenUrl — open a supplied URL
•  execStartApp — run or start a supplied application package

Trojan:Android/DroidKungFu.A can also obtain the following information and post it to a remote server:

•  imei — IMEI number
•  ostype — Build version release, e.g., 2.2
•  osapi — SDK version
•  mobile — users’ mobile number
•  mobilemodel — Phone model
•  netoperator — Network Operator
•  nettype — Type of Net Connectivity
•  managerid — hard-coded value which is “sp033”
•  sdmemory — SD card available memory
•  aliamemory — Phone available memory

If you found a bug and want to report it to Google Android Developers, or you want to stay informed over the latest security issues regarding Android, you can do that accessing Android Security Discussion Group.

Source

Share article:

4 thoughts on “PocketDroid Alert: New Trojan Affecting Android Devices – DroidKungFu Backdoor

  1. Mark Stannberg

    What about an android security discussion thread for pocketdroid community. You could start one since there’s a heavy increase of malware activity and people are being concerned about their privacy while surfing the web from their android based devices.

    Reply
  2. Mark Stannberg

    What about an android security discussion thread for pocketdroid community. You could start one since there’s a heavy increase of malware activity and people are being concerned about their privacy while surfing the web from their android based devices.

    Reply
  3. Anonymous

    good point Mark, we might just do that.. as we are not aware of any other security related sources which actualy debates on this matter except the official Google security discussion.

    Reply
  4. Florian Mihu

    good point Mark, we might just do that.. as we are not aware of any other security related sources which actualy debates on this matter except the official Google security discussion.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *