
Researcher eyes continued criminal focus on mobile

The discovery of new malware that obtains root access to the latest version of Android is a sign that cybercriminals are keeping pace with the evolution of mobile devices, a university researcher said Wednesday.

Xuxian Jiang, assistant professor at North Carolina State University in Raleigh, and his team last week discovered the first malware that uses a root exploit against Android version 2.3. Dubbed GingerMaster after Gingerbread, the codename for 2.3, the trojan is "repackaged" into legitimate applications that attempt to lure downloads in third-party stores, not the official Android Marketplace. In one example, the app promises pictures of models.

By having the ability to elevate to root, or administrator, level, the malware "can access all kinds of things it wants on the mobile phone," Jiang said Wednesday. This includes email, pictures and other saved data, such as banking credentials.

The malware uploads the information it steals to a remote server, Jiang said. In addition, it connects to a command-and-control server to await additional instructions.

Previous exploits against version 2.3 were confined to specific files based on the permissions of the malicious apps that contained the malware, Jiang said. In this case, because GingerMaster exploits root access, the virus spreaders can create apps that do not require any permissions, making them more likely to be trusted and installed.

Other Android malware has used root exploits before, but never in the most recent version, Jiang said. That is a sure sign the criminal community has a serious mobile focus.

As usual, the professor advised users to only download apps from places they trust, inspect app user reviews and ratings, and be on the lookout for phones acting strangely, which could signal that they have been compromised.

A Google spokesperson did not return a phone call seeking comment. But Jiang said the vulnerability that the malware takes advantage of was patched in June.
