PocketDroid Alert: New Trojan Affecting Android Devices – DroidKungFu Backdoor



Barely a week has passed since our last warning about new malware affecting Android devices, and antivirus companies have already discovered a new strain of malware, filed under the name DroidKungFu.

According to F-Secure, this new malware has been detected using the root exploit “Rage Against The Cage”. The antivirus company labels it Trojan/Backdoor: Android/DroidKungFu.A.



This new malware is embedded in a trojanized application that may require root access in order to conceal itself. It first gets installed disguised as another application, then tries to gain root access in order to install the com.google.ssearch application, which guides DroidKungFu’s service component that will start the service com.google.ssearch.Receiver.

The malware runs as a backdoor; notice the double “SS” in the screenshot. Here are some of the capabilities that F-Secure discovered:

•  execDelete — execute command to delete a supplied file
•  execHomepage — execute a command to open a supplied homepage
•  execInstall — download and install a supplied APK
•  execOpenUrl — open a supplied URL
•  execStartApp — run or start a supplied application package

Trojan:Android/DroidKungFu.A can also obtain the following information and post it to a remote server:

•  imei — IMEI number
•  ostype — Build version release, e.g., 2.2
•  osapi — SDK version
•  mobile — user’s mobile number
•  mobilemodel — Phone model
•  netoperator — Network Operator
•  nettype — Type of Net Connectivity
•  managerid — hard-coded value which is “sp033”
•  sdmemory — SD card available memory
•  aliamemory — Phone available memory
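
The indicators listed above (the look-alike package name, the posted field names and the hard-coded managerid value) can be turned into a simple triage check. The Python below is an added example, not code from F-Secure or from this article; it assumes package names come from `pm list packages` output and that captured POST bodies are form-encoded, and all sample inputs are constructed.

```python
from urllib.parse import parse_qs

# Indicators taken from the article above.
DKF_PACKAGE = "com.google.ssearch"   # look-alike name with a double "s"
DKF_FIELDS = {"imei", "ostype", "osapi", "mobile", "mobilemodel",
              "netoperator", "nettype", "managerid", "sdmemory", "aliamemory"}
DKF_MANAGER_ID = "sp033"             # hard-coded value reported by F-Secure

# Constructed sample inputs (not captured from a real device or network).
SAMPLE_PM = ("package:com.android.browser\n"
             "package:com.google.ssearch\n"
             "package:com.google.android.gm\n")
SAMPLE_BODIES = [
    "imei=000000000000000&ostype=2.2&osapi=8&mobile=&mobilemodel=TestPhone"
    "&netoperator=TestNet&nettype=wifi&managerid=sp033&sdmemory=100&aliamemory=50",
    "q=android+security&lang=en",
    "imei=000000000000000&osapi=8",
]


def find_dkf_packages(pm_output):
    """Return names from `pm list packages` output that equal the reported
    package or sit directly under it (such as its Receiver component)."""
    hits = []
    for line in pm_output.splitlines():
        name = line.strip()
        if name.startswith("package:"):
            name = name[len("package:"):]
        if name == DKF_PACKAGE or name.startswith(DKF_PACKAGE + "."):
            hits.append(name)
    return hits


def score_post_body(body):
    """Return (number of listed fields present, managerid matches sp033)
    for a form-encoded POST body (assumed encoding)."""
    parsed = parse_qs(body, keep_blank_values=True)
    params = {key.lower(): values for key, values in parsed.items()}
    matched = DKF_FIELDS & set(params)
    return len(matched), DKF_MANAGER_ID in params.get("managerid", [])


def is_suspicious(body, min_fields=6):
    """Flag the hard-coded managerid, or a body carrying most listed fields.
    The min_fields threshold is an assumption; tune it against your traffic."""
    count, manager_hit = score_post_body(body)
    return manager_hit or count >= min_fields


if __name__ == "__main__":
    print(find_dkf_packages(SAMPLE_PM))
    print([is_suspicious(body) for body in SAMPLE_BODIES])
```

The field-count threshold catches a variant that changes the managerid value but keeps the same reporting fields, at the cost of possible false positives from legitimate device-reporting apps.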

If you have found a bug and want to report it to the Google Android developers, or you want to stay informed about the latest Android security issues, you can do so through the Android Security Discussion Group.