First root malware arrives for Android devices

The good news about the GingerMaster malware, as it is known, Infosecurity notes, is that it has only been found to affect mobile devices running Android 2.3, aka Gingerbread, which has yet to be rolled out across large numbers of devices.

The bad news, however, is that because the malware operates at the root level, it is very difficult to remediate on those Android devices that have not been rooted for use with a wide selection of Android software.

According to Xuxian Jiang, an assistant professor with NC State University, DroidKungFu takes advantage of the most recent root exploit against Android platform 2.3, which was discovered in April of this year.

“As this is the first time such malware has been identified, it is not surprising when our experiments show that it can successfully evade the detection of all tested (leading) mobile anti-virus software”, he says in his latest security posting.

Jiang, who says he has been working with China's NetQin on the research, notes that the GingerMaster malware is being found repackaged into legitimate apps.

These legitimate apps, he explained, are supposedly popular ones, chosen to attract user downloads and installation. Within the repackaged apps, the malware registers a receiver so that it will be notified when the system finishes booting.

Inside the receiver, he adds, the malware silently launches a service in the background that then collates a wealth of data from the handset and other sources.
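A defensive triage check for the repackaging pattern described above, as an added example that is not from the article or from Jiang's research: it diffs the decoded manifest of a suspect APK against the original app's manifest and reports boot receivers and services that exist only in the suspect. The manifests, package names and class names are constructed, and the manifests are assumed to be already decoded to text XML (for example with apktool).

```python
import xml.etree.ElementTree as ET

NAME = "{http://schemas.android.com/apk/res/android}name"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"

# Constructed sample manifests (decoded text XML). Every package and class
# name below is made up for illustration.
ORIGINAL_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.wallpapers">
  <application><activity android:name=".MainActivity"/></application>
</manifest>"""

REPACKAGED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.wallpapers">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <activity android:name=".MainActivity"/>
    <receiver android:name="com.example.injected.BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <service android:name="com.example.injected.BackgroundService"/>
  </application>
</manifest>"""

def components(manifest_xml):
    """Return (boot receivers, services) declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    pkg = root.get("package", "")

    def full(name):
        # Manifest class names may be relative to the package (".Foo" or "Foo").
        if name.startswith("."):
            return pkg + name
        return name if "." in name else f"{pkg}.{name}"

    boot = {full(r.get(NAME, "")) for r in root.iter("receiver")
            if BOOT_ACTION in {a.get(NAME) for a in r.iter("action")}}
    services = {full(s.get(NAME, "")) for s in root.iter("service")}
    return boot, services

def added_by_repackaging(original_xml, suspect_xml):
    """Components present in the suspect manifest but not in the original."""
    orig_boot, orig_svc = components(original_xml)
    sus_boot, sus_svc = components(suspect_xml)
    return {"boot_receivers": sorted(sus_boot - orig_boot),
            "services": sorted(sus_svc - orig_svc)}

if __name__ == "__main__":
    print(added_by_repackaging(ORIGINAL_MANIFEST, REPACKAGED_MANIFEST))
```

A non-empty result only marks components for manual review; a legitimate update can also add a boot receiver or a service.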

After gaining root privileges, the GingerMaster malware will connect to the remote command & control server and wait for instructions, with the user being unaware that the smartphone or tablet computer has been infected.

To prevent infection, Android 2.3 users are advised to only download apps from known and trusted sources, and always check reviews before installing them.

Users should also, he adds, be on alert for unusual behaviour on their mobile phones and ensure that they have up-to-date security software installed on their device.
