
Tuesday, February 7, 2012

New Android malware downloads malicious code days after installation, could go undetected by Google’s Bouncer

A North Carolina State University professor has discovered a new type of malware that could possibly evade Google’s malware-detecting Bouncer service. The new type of malware, called “Rootsmart”, uses a process called “privilege escalation” to evade malware scanners such as Google’s Bouncer.
When Rootsmart is first installed on a user’s phone, it contains no malicious code, making the app appear harmless. Since no malicious code is present in the app when it is first installed, it can bypass scans that could detect its true intentions. Once the app has been installed for hours (or days), it is then capable of downloading new code from remote servers to fulfill its malicious intent.
The malicious code that is downloaded to the device is the famous “Gingerbreak” exploit that is used to root many devices running Android 2.3 to 3.0. With the Gingerbreak exploit running on the user’s phone, the attacker can then call paid numbers, read data, listen through the microphone, and silently install other apps on the device.
Although this new type of malware was found, it was not found on Google’s Android Market. Instead, it was found on a Chinese app download website. However, this method of delaying malicious code from appearing on an app could make it possible for malicious apps to make their way to the Android Market.
Last week, Google announced a service called Bouncer that scans all Android Market apps for malware, trojans, and viruses. In addition to scanning apps, Bouncer also simulates running apps on a device, so it’s possible that it could detect these malware apps that use privilege escalation to download malicious code.
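
Because the package is clean at install time, the delayed download described above only shows up in run-time telemetry. The sketch below is an added example, not code from the article or the researcher: it flags an app that executes a file it downloaded after installation and that was not shipped in the package. The event schema, package names, paths, and host are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed device telemetry (hypothetical schema): (time, package, event, detail)
EVENTS = [
    ("2012-02-01 10:00", "com.example.settings", "install", {"files": ["classes.dex"]}),
    ("2012-02-01 10:05", "com.example.notes", "install",
     {"files": ["classes.dex", "lib/libnotes.so"]}),
    ("2012-02-01 10:06", "com.example.notes", "exec", {"path": "lib/libnotes.so"}),
    ("2012-02-03 02:14", "com.example.settings", "download",
     {"path": "files/payload.bin", "host": "203.0.113.7"}),
    ("2012-02-03 02:15", "com.example.settings", "exec", {"path": "files/payload.bin"}),
]

def find_delayed_payloads(events, min_delay=timedelta(hours=1)):
    """Return executions of downloaded, non-packaged code that occur
    at least min_delay after the app was installed."""
    installed = {}  # package -> (install time, files shipped in the package)
    fetched = {}    # (package, path) -> remote host the file came from
    findings = []
    for stamp, pkg, kind, detail in sorted(events, key=lambda e: e[0]):
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        if kind == "install":
            installed[pkg] = (when, set(detail["files"]))
        elif kind == "download":
            fetched[(pkg, detail["path"])] = detail["host"]
        elif kind == "exec" and pkg in installed:
            t0, shipped = installed[pkg]
            path = detail["path"]
            # Code that was scanned at install time is not interesting here;
            # only code that arrived later from the network is.
            if path not in shipped and (pkg, path) in fetched and when - t0 >= min_delay:
                findings.append({"package": pkg, "path": path,
                                 "host": fetched[(pkg, path)], "delay": when - t0})
    return findings

if __name__ == "__main__":
    for f in find_delayed_payloads(EVENTS):
        print(f"{f['package']} ran {f['path']} from {f['host']} {f['delay']} after install")
```
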
