Fortinet discovers the first extensible Android botnet

Extensible code is program code that `reaches' beyond the host system it is running on and interacts with third-party servers – this is a key feature of how ActiveX and JavaScript functions, Infosecurity notes.

The DroidKungFu malware is, says Fortinet, a fully-fledged botnet capable of downloading additional malware and, the appliance security vendor adds, opening applications and browsers at will.

As if this wasn't enough, the malware can delete files and has also been found in multiple variants.

If all of this sounds familiar, it is because the feature set is similar to that seen in SpyEye and Zeus – Fortinet notes that the Android darkware behaves like much of the latest malware seen on Windows PCs.

Derek Manky, the firm's senior security strategist, says that DroidKungFu clearly represents the next evolution in mobile malware.

"Where earlier attempts at Android malware, such as Zeus in the Mobile (Zitmo), are able to intercept the type of two-factor authentication that banks use to validate the identity of the account holder when logging in, DroidKungFu does much more. By disguising itself as a legitimate VPN client application, the malware quickly gains root access to the device using social engineering", he said.

"Once executed, DroidKungFu has the ability to download further malware, open URLs in a browser, start programs and delete files on the system", he added.

Delving into Fortinet's October threat report, the security vendor also warns about URL shortening services, which appear to have been targeted by hackers in recent weeks.

"Because URL shortening services are able to reduce the number of characters in a typical Web address, they're a favourite among Twitter users. They're also frequently used for email purposes, because some email applications have the tendency to break longer links during transmit or arrival", notes the report.

However, says the analysis, the benefit of a URL shortening service is also its biggest weakness, as the service enables criminals to obfuscate malicious links that can infect a user's system.

"Historically, Fortinet has always recommended that users place their cursor over a questionable URL before clicking on it to see if that link is actually being redirected to a questionable page. This safety measure is not applicable to shortened URLs. There's no surefire way to tell in advance when a user clicks on a shortened URL if they are about to be redirected to a malicious site", says the report.
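The hover check the report describes fails because a shortened link reveals nothing about its destination until the redirect is followed. The defensive alternative is to expand the redirect chain server-side (for example in a mail gateway or a "preview before click" tool) using HEAD requests that never fetch the final page, and then to compare every hop against a blocklist. The following is an added example, not Fortinet's or Infosecurity's code; the shortener hostnames, redirect table and blocklist are constructed sample data, and the `live_head` helper assumes network access and is not exercised here.

```python
"""Expand a shortened URL by walking its HTTP redirect chain with HEAD
requests (never fetching a page body) and flag any hop whose host is on
a blocklist. Added example; sample data below is constructed."""
import urllib.error
import urllib.request
from typing import Callable, Optional, Tuple
from urllib.parse import urljoin, urlsplit

# A "head" function takes a URL and returns (status_code, Location header or None).
HeadFn = Callable[[str], Tuple[int, Optional[str]]]

# Constructed redirect table standing in for real shorteners (not real hosts).
SAMPLE_REDIRECTS = {
    "http://sho.rt/abc": (301, "http://tiny.example/xyz"),
    "http://tiny.example/xyz": (302, "/final?x=1"),          # relative Location
    "http://tiny.example/final?x=1": (302, "https://downloads.bad.example/setup.apk"),
    "https://downloads.bad.example/setup.apk": (200, None),
    "http://sho.rt/loop1": (302, "http://sho.rt/loop2"),     # deliberate loop
    "http://sho.rt/loop2": (302, "http://sho.rt/loop1"),
    "http://sho.rt/safe": (301, "https://www.example.org/"),
    "https://www.example.org/": (200, None),
}
SAMPLE_BLOCKLIST = {"bad.example"}  # constructed; match host or any subdomain

REDIRECT_CODES = {301, 302, 303, 307, 308}


def fake_head(url: str) -> Tuple[int, Optional[str]]:
    """Offline stand-in for an HTTP HEAD request, backed by SAMPLE_REDIRECTS."""
    return SAMPLE_REDIRECTS.get(url, (404, None))


def expand_url(url: str, head: HeadFn, max_hops: int = 10) -> dict:
    """Follow Location headers hop by hop, recording the chain.

    Stops on a non-redirect status, a repeated URL (loop) or max_hops, so a
    hostile shortener cannot keep the expander busy forever."""
    chain = [url]
    seen = {url}
    current = url
    for _ in range(max_hops):
        status, location = head(current)
        if status not in REDIRECT_CODES or not location:
            return {"chain": chain, "final": current, "status": status, "error": None}
        nxt = urljoin(current, location)  # resolves relative Location values
        if nxt in seen:
            return {"chain": chain, "final": nxt, "status": status, "error": "redirect loop"}
        seen.add(nxt)
        chain.append(nxt)
        current = nxt
    return {"chain": chain, "final": current, "status": None, "error": "too many redirects"}


def is_blocked(url: str, blocklist: set) -> bool:
    """True if the URL's host equals a blocklisted domain or is a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in blocklist)


def assess(url: str, head: HeadFn = fake_head, blocklist: set = SAMPLE_BLOCKLIST) -> dict:
    """Expand the link and flag it if any hop, not just the landing page, is blocklisted."""
    info = expand_url(url, head)
    info["blocked"] = any(is_blocked(u, blocklist) for u in info["chain"] + [info["final"]])
    return info


def live_head(url: str, timeout: float = 5.0) -> Tuple[int, Optional[str]]:
    """Real HEAD request that refuses to auto-follow redirects (assumes network access).
    Pass this as `head` to expand_url to check a genuine shortened link."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None  # returning None makes urllib raise HTTPError for 3xx
    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as e:
        return e.code, e.headers.get("Location")


if __name__ == "__main__":
    for link in ("http://sho.rt/abc", "http://sho.rt/loop1", "http://sho.rt/safe"):
        r = assess(link)
        print(link, "->", r["final"], "| blocked:", r["blocked"], "| error:", r["error"])
```

Checking every hop rather than only the landing page matters because an intermediate redirector may itself be a known bad host, and the loop and hop limits keep an attacker-run shortener from stalling the scanner. For the Fortinet report's point that criminals now operate their own shorteners, the expander's first hop is exactly where such a service shows up, so logging the full chain gives the detection team the data it needs.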

Manky notes that recent advances in anti-spam techniques are catching much of today's shortened link malware, but his team are now starting to see malicious software creators building their own URL shortening services to circumvent the latest spam detection technology.

"This is yet another example of [the] crimeware as a service (CaaS) [facility] that cybercriminals offer", he explained.
