GingerMaster Malware Seen Using Root Exploit for Android Gingerbread

The evolution of mobile malware seems to be accelerating, especially as it applies to Android malware. The newest example of this rapid change is the appearance of GingerMaster, a variant of the DroidKungFu malware that now sports a root exploit for Android 2.3 and gives the attacker complete control of the infected device.

The new piece of malware, discovered by researchers at North Carolina State University, uses a jailbreak exploit for Android 2.3, also known as Gingerbread, that is packaged in an infected app as a seemingly legitimate file. Once that exploit runs, it gives the malware root privileges on the phone and also begins collecting data about the device for transmission to a remote server.

The GingerMaster malware exists in infected apps by registering a receiver so that it will be notified when the system finishes booting. Insider the receiver, it will silently launch a service in the background. The background service will accordingly collect various information including the device id, phone number and others (e.g., by reading /proc/cpuinfo) and then upload them to a remote server.

Once the GingerMaster malware is installed and has root privileges, it then reaches out to a remote command-and-control server and asks for instructions. It then has the ability to download and install apps on its own, without the user’s permission.

There’s no indication that GingerMaster is in any apps in the official Android Market. No further information is available at this time.

Advertisements

About SCB Enterprises
System Solutions and Integration

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: