Blog
Ranjeet Menon

Android malware gains root access

August 26, 2011
0
Estimated reading time: 1 minute

A new malware affecting the latest version of Android operating system (2.3 – Gingerbread) is now out in the wild and masquerading as an app featuring some “Beauty of the Day” photos.

The package I downloaded uses the following permissions:
android.permission.READ_PHONE_STATE
android.permission.READ_LOGS
android.permission.DELETE_CACHE_FILES
android.permission.ACCESS_CACHE_FILESYSTEM
android.permission.WRITE_SECURE_SETTINGS
android.permission.ACCESS_NETWORK_STATE
android.permission.INTERNET
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.READ_OWNER_DATA
android.permission.WRITE_OWNER_DATA
android.permission.WRITE_SETTINGS
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.UNINSTALL_SHORTCUT
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.RESTART_PACKAGES

Using Gingerbreak, which is the the latest exploit for gaining root access to Gingerbread, the malware gathers information about the infected device and sends it to remote servers. In addition to exfiltrating the IMEI, phone number and SIM serial no., GingerMaster creates a backdoor root shell stored in the system partition in an attempt to survive after software upgrades to allow an attacker access to the device.

Quick Heal detects these malware files as Android.Lotoor.B and protects its users.

Have something to add to this story? Share it in the comments.

No Comments, Be The First!

Your email address will not be published.

CAPTCHA Image