Jun 7, 2011 09:48 GMT

A new piece of Android malware that functions as a backdoor and encrypts the root exploits it uses, in order to make it harder for security applications to detect, has been discovered in the wild.

The threat was found by researchers from North Carolina State University on non-official Chinese Android app markets and forums.

The malware, dubbed DroidKungFu, was identified in four trojanized apps, including two games.

The practice of repackaging legit apps together with trojans has been the most common method of infecting Android handsets so far.

Even though apps bundling DroidKungFu have not yet been discovered on the official Android Market, that doesn't mean there aren't any, or that there won't be in the future.

Google has already removed tens of trojanized apps from the official market following reports from security researchers and antivirus vendors, so the precedent is there.

DroidKungFu exploits two vulnerabilities in Android 2.2 (Froyo) and earlier versions in order to obtain root access and install a backdoor component.

These vulnerabilities have also been exploited by other Android trojans in the past, but DroidKungFu encrypts the exploit code in order to make antivirus detection more difficult.

"We have tested it on two leading mobile security apps and neither detected DroidKungFu," NC State University assistant professor Xuxian Jiang and Ph.D. student Yajin Zhou say.

When DroidKungFu is executed on a phone, it will install a backdoor app called "legacy" with root privileges. This app poses as the legitimate Google Search and even copies its icon.

The rogue app turns the device into a botnet client that awaits instructions. According to malware analysts from F-Secure, DroidKungFu can delete a specified file, open a given URL, change the browser's homepage, and download, install and start apps.

The malware also sends information about the device back to the attackers. This data includes the IMEI number, Android build, SDK version, current phone number, network operator, type of network connectivity, and the amount of memory available.

Users are advised to exercise caution when installing Android apps, and in particular to pay attention to the permissions they request. Trojanized apps will always ask for extensive permissions that are not normally required for the app to function.
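The two warning signs the article describes, a backdoor that copies the label of a legitimate Google app and a repackaged game that requests permissions a game does not need, can be turned into a simple triage check over a decoded manifest. The script below is an added illustration written for this page, not code from the researchers or from any antivirus vendor; the permission baselines, the protected-label table and the three sample manifests are constructed for the example, and the category of an app is assumed to come from its market listing since the manifest does not carry it.

```python
"""Heuristic triage of Android app metadata for two warning signs:
a brand-impersonating label and an over-privileged permission set.

Added example; baselines and sample manifests below are constructed,
not taken from real DroidKungFu samples.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions often abused by trojans and rarely needed by a game.
# Constructed baseline for this example, not an Android or AV standard.
SENSITIVE_PERMISSIONS = {
    "android.permission.READ_PHONE_STATE",        # IMEI, phone number
    "android.permission.INSTALL_PACKAGES",        # install further apps
    "android.permission.RECEIVE_BOOT_COMPLETED",  # persistence across reboots
    "android.permission.CHANGE_WIFI_STATE",
    "android.permission.WRITE_SETTINGS",          # e.g. browser homepage
}

# Permissions an app of a given category legitimately asks for (constructed).
EXPECTED_BY_CATEGORY = {
    "game": {"android.permission.INTERNET", "android.permission.VIBRATE",
             "android.permission.ACCESS_NETWORK_STATE"},
    "search": {"android.permission.INTERNET",
               "android.permission.ACCESS_NETWORK_STATE"},
}

# Labels that belong to Google, with the package prefixes allowed to use them.
PROTECTED_LABELS = {"Google Search": ("com.google.",)}


@dataclass
class AppInfo:
    package: str
    label: str
    category: str
    permissions: set = field(default_factory=set)


def parse_manifest(xml_text, category):
    """Build an AppInfo from a decoded AndroidManifest.xml.
    The binary manifest inside an APK must be decoded first (e.g. with
    apktool); that step is outside this example."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    app_el = root.find("application")
    label = app_el.get(f"{{{ANDROID_NS}}}label", "") if app_el is not None else ""
    perms = {el.get(f"{{{ANDROID_NS}}}name", "")
             for el in root.findall("uses-permission")}
    return AppInfo(package, label, category, perms)


def impersonation_findings(app):
    """Flag a protected label used by a package outside the owner's namespace."""
    allowed = PROTECTED_LABELS.get(app.label)
    if allowed is not None and not app.package.startswith(allowed):
        return [f"label '{app.label}' used by non-Google package {app.package}"]
    return []


def permission_findings(app):
    """Flag sensitive permissions that the app's category does not explain."""
    expected = EXPECTED_BY_CATEGORY.get(app.category, set())
    unexpected = app.permissions - expected
    return [f"sensitive permission unusual for a {app.category}: {p}"
            for p in sorted(unexpected & SENSITIVE_PERMISSIONS)]


def triage(app):
    """All findings for one app; an empty list means nothing suspicious."""
    return impersonation_findings(app) + permission_findings(app)


# Constructed sample manifests (not real apps).
CLEAN_GAME = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.puzzle">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <application android:label="Puzzle"/>
</manifest>"""

TROJANIZED_GAME = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.puzzle">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Puzzle"/>
</manifest>"""

FAKE_SEARCH = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.legacy">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application android:label="Google Search"/>
</manifest>"""

if __name__ == "__main__":
    samples = [("clean game", CLEAN_GAME, "game"),
               ("repackaged game", TROJANIZED_GAME, "game"),
               ("fake search app", FAKE_SEARCH, "search")]
    for name, xml, category in samples:
        print(name, "->", triage(parse_manifest(xml, category)) or ["no findings"])
```

A real check would draw its expected-permission sets from a large corpus of known-good apps in each category rather than from a hand-written table, but the structure is the same: compare what an app asks for against what apps of its kind normally need, and treat brand labels under unexpected package names as a signal on their own.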