NQ Mobile Security Research Center has recently uncovered a new malware DKFBootKit. This malware is identified when monitoring and analyzing the evolution of earlier DroidKungFu variants. What sets DKFBootKit apart from malware like DroidDream, is that DKFBootKit replaces certain boot processes and can begin running even before the system is completely booted up.
DKFBootKit repackages legitimate apps by enclosing its own malicious payloads in them. However, the victim apps it chooses to infect are utility apps which require the root privilege to work properly. NQ says the malicious code has already infected 1,657 Android devices in the past two weeks and has appeared on at least 50 different mobile apps.
These apps seem to have legitimate reasons to request root privilege for their own functionality. It is also reasonable to believe that users will likely grant the root privilege to these apps. DKFBootKit makes use of the granted root privilege for other malicious purposes, namely comprising the system integrity.
In order to avoid being infected by this beast, NQ recommends three commonsense steps:
- First, don't download any apps from sketchy app stores.
- Second, don't accept app permissions from unknown sources and always be sure to read the permissions an app is requesting.
- Third, download a security app that can scan your apps for you to search for malicious code.
NQ Mobile Security for Android is available for download.