Android Trojan GingerMaster Uses Gingerbread Root Exploit
As our smartphones become more ubiquitous and more powerful, they need to be protected in much the same way that you would protect your computer. Further to this, a malicious piece of malware has been discovered for devices powered by Android 2.3.3 Gingerbread, giving the hacker the ability to take complete control of the smartphone remotely. According to Assistant Professor Xuxian Jiang from the NCSU Department of Computer Science, the new threat, which his team has dubbed GingerMaster, is the first malware to use the root exploit for Android 2.3. "As this is the first time such malware has been identified, it is not surprising when our experiments show that it can successfully evade the detection of all tested (leading) mobile anti-virus software," he writes.
Once the GingerMaster malware is installed and has root privileges, it then reaches out to a remote command-and-control server and asks for instructions. It then has the ability to download and install apps on its own, without the user's permission, Jiang found. GingerMaster is an evolution of the existing DroidKungFu malware, which had some of the same functionality. Earlier this week, Jiang's team also found other variants of DroidKungFu in several dozen infected apps in alternate Android app stores. That version included a couple of root exploits as well, but for earlier versions of Android.
As far as we can tell, no "official" applications being offered through Android Market have been affected by GingerMaster, but it's best to err on the side of caution when it comes to these things. Recognize that your Android smartphone is very much a computer and, as such, is just as vulnerable to attacks as your home PC. The researchers recommend that users take several steps to protect themselves. The first one is to run a mobile antivirus product. There are several free solutions available from vendors like Lookout, AVG, BitDefender or Symantec.Then, users should only download apps from trusted marketplaces, like the official Android Market. Unfortunately, there is no assurances that malware won't slip through the cracks and appear on these services from time to time, but the chances are lower than in other places.Finally, users should make a habit from reading and understanding the permissions requested by apps on installation. Trojanized apps will usually require permissions that legit versions wouldn't need.
