Top Menu

First Gingerbread Android Malware Detected

Researchers have stumbled upon the first malware to attack Google’s Android v2.3, also known as Gingerbread. Last Thursday, a team headed by Xuxian Jiang, an assistant computer science professor from the North Carolina State University, and the Beijing-headquartered NetQin Mobile Security were able to identify a high risk malware that can completely compromise or root the popular mobile OS.

Jiang has in his blog post christened the malware as “GingerMaster.” It uses “GingerBreak” – an attack algorhythm Jiang first revealed last April. GingerMaster code hides behind legitimate Android apps that have been pirated, malware added and released back into popular Android download sites.

Once unwary users download the infected application, the malware gets launched rooting the smartphone to harvest personal information that includes the cellphone number and device ID, and sending it to the C&C (command and control) server of the attackers. Jiang said that after the initial strike, the GingerMaster awaits further commands from the C&C which can instruct users to download more malware through infected apps.

Posting at the Sophos security blog last Monday, Sophos principal virus researcher Vanja Svajcer confirmed Jiang’s findings with an infected Android Gingerbread smartphone. He downloaded an infected application from a Chinese-language website catering to Android users.

There have been earlier Android malware like DroidDream and DroidDream Light that exploited unpatched bugs in older versions of the OS but failed to hijack smartphones using the newer Gingerbread. This time around, the GingerMaster succeeded.

According to a number of antivirus sites, 2011 is seeing a growing volume in Android malware. Google has already yanked out more than 50 infected apps from its Android Market in March and another 30 in May. In early August, San Francisco’s Lookout Security warned that the chances of an Android smartphone user getting malware increased 2.5 times just in the first half of the year. McAfee joined to chorus saying that the hackers has made Android their primary target with more threats than other mobile OS.

Jiang added that because GingerMaster contains a recent root exploit, it poses one of the most sinister threat to Android users and has urged owners to be cautious about where they download their apps and to be wary about apps that request large permission requests.

, , , , ,