The pace of the malware development is running at a light-speed. Do you remember the DroidKungFu trojan? A new improved variant of it, is now surfacing and its a lot more evolved includng a root exploit which allows the attacker to gain root access on the infected device.
The new piece of malware code, discovered by researchers at North Carolina State University, uses a jailbreak exploit for Android 2.3 Gingerbread.
GingerMaster is packaged in an infected app as a seemingly legitimate application file. Once that exploit runs, it gives the malware root privileges on the “zombie phone” beggining to collect data about the device for transmission to a remote server.
“The GingerMaster malware exists in infected apps by registering a receiver so that it will be notified when the system finishes booting. Insider the receiver, it will silently launch a service in the background. The background service will accordingly collect various information including the device id, phone number and others (e.g., by reading /proc/cpuinfo) and then upload them to a remote server,” Xuxian Jiang, an assistant professor at NC State, whose team found the GingerMaster malware, wrote in a blog article.
This is the first serious threat because it is able to gain root access on its own if the device is not rooted yet.
Due to the fact that GingerMaster contains the most recent root exploit, we consider it poses one of the most serious threats to mobile users. For mitigation, please follow common-sense guidelines for smartphone security. For example,
- download apps from reputable app stores that you trust; and always check reviews, ratings as well as developer information before downloading;
- check the permissions on apps before you actually install them and make sure you are comfortable with the data they will be accessing;
- be alert for unusual behavior on the part of mobile phones and make sure you have up-to-date security software installed on your phone.
source: NCSU Blog