Android Phone Tips
|Android Phone Tips|
The latest malware targeting Android devices takes advantage of a jailbreak exploit to gain root-level access and executes instructions from a remote server. Researchers have uncovered the first malware using the "Gingerbreak" root exploit for Android 2.3, code-named "Gingerbread."
NC State researchers worked with mobile security vendor NetQin and discovered that Ginger Master wrapped malicious code around a jailbreak exploit for Android 2.3 devices. The information stolen includes the user identifier, SIM card number, telephone number, IMEI number, IMSI number screen resolution and local time, according to Vanja Svajcer, a principal virus researcher in SophosLabs.
“The GingerMaster malware is repackaged into legitimate apps,” said Jiang. The applications masquerade as popular applications to encourage users to download it. It can download and install applications on its own without the user's permission, Jiang found.
It's "exceptionally difficult" to gauge the impact of Android malware distributed outside the official Android market, Tim Armstrong, a malware researcher at Kaspersky Lab, told eWEEK. Users should avoid alternative Android Marketplaces unless they have "strong evidence" the applications are trustworthy, Svajcer recommended. GingerMaster may compromise Android 2.2 and earlier devices with some adjustments, Jiang said. Jiang's team also found other DroidKungFu variants in alternate Android application stores that used similar root exploits for earlier versions of Android.
Jiang named the malware "GingerMaster." Like most Android malware, GingerMaster hides inside legitimate Android applications that attackers have pirated, added malware to, then re-released onto popular download markets.
The malware waits for further instructions from the C&C server, which can tell jacked phones to download even more malware or other apps, said Jiang. In a post to the Sophos security blog Monday, Svajcer said he had downloaded the infected app from a Chinese-language site that caters to Android owners.
Although some infected apps have slipped into Google's official Android Market, a larger number are distributed through alternate sites, including several popular Chinese app marts. Last month, for instance, Jiang warned Android users of a then-new threat, called "HippoSMS," that his group had found on unauthorized Chinese app stores.
According to several antivirus vendors, the volume of Android malware has jumped this year. NC State's Jiang stressed that the newest Android malware is a significant threat, and urged smartphone owners to watch where they download apps and remain vigilant when an app requests a large number of permissions.
By. Android Phone Tips