Researchers have identified the first malware – called GingerMaster – in any market that utilizes a root exploit to take over phones running Android 2.3 (Gingerbread).
A root exploit allows the malware to operate freely because it functions at the most fundamental level of the Android system, where there are no security checks. GingerMaster gives hackers full access to the smartphone and its programs, and turns the phone into a “bot” that can be controlled remotely by hackers. A technical write-up of the malware can be found here.
The vulnerability that this malware is exploiting was identified in April, but this is the first malware found “in the wild” that takes advantage of the vulnerability.
GingerMaster was first identified Aug. 18 by Xuxian Jiang and his team at NC State, in partnership with mobile security company NetQin. So far, it has only been found in a few apps in alternative Chinese markets.
Jiang also recently discovered a new iteration of the DroidKungFu malware, which utilizes root exploits against earlier versions of the Android operating system.