Sunday, June 5, 2011

New Hard-To-Detect Android Malware Threat On The Loose, Steals User Data, And More called DroidKungFu

If you’re an Android user, you better stay on the lookout for a new form of Android malware: DroidKungFu. Discovered by Assistant Professor Xuxian Jiang and Ph. D. student Yajin Zhou, both from North Carolina State University, this reflects yet another evidence that hackers are interested in this open but also largely unprotected platform.

Android Malware



As explained on the University’s blog, the malware takes advantage of a vulnerability present in Android 2.2 and under. When installed, it opens a backdoor that grants an attacker full access to the phone, and the data on it, essentially turning it into a "bot":

In Android versions 2.2 (Froyo) and earlier, DroidKungFu takes advantage of two vulnerabilities in the platform software to install a backdoor that gives hackers full control of your phone. Not only do they have access to all of your user data, but they can turn your phone into a bot – and basically make your smartphone do anything they want.

Users of later versions of Android are also affected, although to a lesser degree: albeit no full control is possible, some data is still accessible, such as the phone’s mobile phone device ID number, a unique number used by authorities to identify the handheld and block it, in case it gets stolen.

What sets this threat apart from other recently Android threats, like DroidDream, which we reported on last week, is the fact it can’t be detected or removed by common anti-malware software. According to the University’s blog, two leading malware removers were tested and neither of them was able to detect or remove DroidKungFu effectively. The researches at North Carolina State are currently working with anti-malware makers on a fix:

The researchers are currently discussing this problem with leading anti-virus software companies.

Nexus S 4G

This malware is embedded into Android applications found in "more than eight" different Chinese App Stores. While no infected Apps have been found anywhere else, we can’t stress enough that taking standard security precautions is becoming more important than ever on mobile devices: don’t get Apps from sources you’re not familiar with and check for anything shady. Remember that if something doesn’t look right, it probably isn’t.

Even if this piece of malware isn’t detected, it’s also becoming increasingly advisable to get anti-malware software, such as Lookout or AVG Free. Some protection is always better than none.

(via The Abstract)


No comments:

Post a Comment