The first piece of malware for Android 2.3 ‘Gingerbread’ has been spotted. Working alongside mobile security firm NetQin, security researcher Xuxian Jiang has located and detailed the inner workings of GingerMaster, the first piece of malware that attacks Android Gingerbread.
Using Gingerbreak, the latest exploit for gaining root access to Gingerbread, the malware gathers information about the infected device and sends it to a remote server. In addition to exfiltrating the IMEI, phone number and SIM serial, GingerMaster creates a backdoor root shell that lets an attacker access the device at will. The shell is stored in the system partition in an attempt to survive software upgrades.
The malware also acts as a trojan horse. After registering with a remote server, the application sits and waits for instructions on a ‘command and control’ channel. This allows an attacker to remotely trigger events, such as reading personal information saved on the phone or downloading and installing more malware without the user knowing.
With more and more malware for Android popping up, looking to mobile security software as a means to protect your device is a good choice. A better way to protect yourself from these threats is to exercise more common sense when downloading applications from official stores and to understand the risks of granting permissions to apps. While both Google and Apple are looking for ways to implement a “kill switch” for unauthorized devices or applications, this is a reactive measure to a problem inherent in all security implementations: they rely on the user.