First Android Malware Utilizing a Root Exploit on Android 2.3


The pace of malware development is running at light speed. Do you remember the DroidKungFu trojan? A new, improved variant of it is now surfacing, and it's a lot more evolved, including a root exploit that allows the attacker to gain root access on the infected device.

The new piece of malware code, discovered by researchers at North Carolina State University, uses a jailbreak exploit for Android 2.3 Gingerbread.

GingerMaster is packaged in an infected app as a seemingly legitimate application file. Once that exploit runs, it gives the malware root privileges on the “zombie phone”, and the malware begins collecting data about the device for transmission to a remote server.

“The GingerMaster malware exists in infected apps by registering a receiver so that it will be notified when the system finishes booting. Inside the receiver, it will silently launch a service in the background. The background service will accordingly collect various information including the device id, phone number and others (e.g., by reading /proc/cpuinfo) and then upload them to a remote server,” Xuxian Jiang, an assistant professor at NC State, whose team found the GingerMaster malware, wrote in a blog article.

This is the first serious threat because it is able to gain root access on its own if the device is not rooted yet.

Mitigation:

Due to the fact that GingerMaster contains the most recent root exploit, we consider it poses one of the most serious threats to mobile users. For mitigation, please follow common-sense guidelines for smartphone security. For example,

  • download apps from reputable app stores that you trust; and always check reviews, ratings as well as developer information before downloading;
  • check the permissions on apps before you actually install them and make sure you are comfortable with the data they will be accessing;
  • be alert for unusual behavior on the part of mobile phones and make sure you have up-to-date security software installed on your phone.
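The permission check above can be automated for an app you are about to install. The following is an added example, not code from the NCSU post or from the malware: it reads a decoded AndroidManifest.xml and flags the combination described in the quote (a receiver started at boot, plus the ability to read phone identifiers and reach the network). The sample manifest, its package and class names, and the mapping of behaviours to permissions are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"
# Assumed mapping from the behaviours in the quote to standard Android permissions.
RISKY = {
    "android.permission.READ_PHONE_STATE": "can read device id and phone number",
    "android.permission.INTERNET": "can upload data to a remote server",
}

# Constructed sample manifest (hypothetical package and class names).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.wallpapers">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".StartReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <service android:name=".SyncService"/>
  </application>
</manifest>"""

def _name(element):
    """Value of the android:name attribute, or an empty string."""
    return element.get(ANDROID_NS + "name", "")

def triage_manifest(xml_text):
    """Return boot receivers, declared services, risky permissions and a review flag."""
    root = ET.fromstring(xml_text)
    perms = {_name(p) for p in root.iter("uses-permission")}
    boot_receivers = [
        _name(r) for r in root.iter("receiver")
        if any(_name(a) == BOOT_ACTION for a in r.iter("action"))
    ]
    services = [_name(s) for s in root.iter("service")]
    risky = {p: why for p, why in RISKY.items() if p in perms}
    # Flag only the full pattern: starts at boot AND reads identifiers AND can upload.
    review = bool(boot_receivers) and len(risky) == len(RISKY)
    return {"boot_receivers": boot_receivers, "services": services,
            "risky_permissions": risky, "review": review}

if __name__ == "__main__":
    for key, value in triage_manifest(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

The manifest inside an APK is stored as binary XML, so decode it first (for example with apktool). Many legitimate apps also start at boot, so a raised flag means "look closer", not "malware".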

 

source: NCSU Blog 
