http://news.techworld.com/security/3298629/android-users-hit-by-lethal-trojan-root-hack/ By John E Dunn Techworld 23 August 11 Researchers have publicised probably the most dangerous Android malware examples yet discovered, a Trojan that exploits the GingerBreak root hack (CVE-2011-1823) in Android 2.3 that gained wide publicity after its discovery in April. According to a team at North Carolina State University, which analysed the malware in conjunction with Chinese mobile security firm NetQin, ‘GingerMaster’ bears many of the hallmarks of the growing family of Android Trojans that currently circulate on third-party sites in China but with some interesting and dangerous new innovations. Packaged as part of what appears to be a legitimate app showing pictures of women, GingerMaster uploads as much user and device information as it can to a remote server, including smartphone IMEI and telephone number. At this point the server will silently download malware exploiting the GingerBreak root hack which once installed will have complete control over the smartphone. Because this is a root hack, the malware is able to bypass the Android system that controls app permissions, which brings home the seriousness of this type of fundamental attack. With such low-level access, Android security programs will be powerless to stop it and getting rid of it will for most users require a complete device wipe and factory reset. [...] _____________________________________________________________ Register now for the #HITB2011KUL - Asia's premier deep-knowledge network security event now in it's 9th year! http://conference.hitb.org/hitbsecconf2011kul/Received on Wed Aug 24 2011 - 00:55:34 PDT
This archive was generated by hypermail 2.2.0 : Wed Aug 24 2011 - 00:49:46 PDT