Computer science researchers at NC State have identified new Android malware, called DroidKungFu, which appears to be able to avoid detection by mobile anti-virus software.
The researchers, assistant professor Xuxian Jiang and Ph.D. student Yajin Zhou, have so far identified at least two DroidKungFu-infected applications for Android platforms, which are circulated in more than eight third-party Android app stores and forums based in China. The researchers haven’t found infected apps in non-Chinese app stores yet – but they are only now beginning to look.
DroidKungFu contains advanced techniques to avoid detection by mobile anti-virus software. At the time of this writing, Jiang and Zhou have tested the malware on two leading mobile security apps – and neither detected DroidKungFu.
That’s bad news, because DroidKungFu can do a couple of nasty things, depending on which version of Android you are using.
In Android versions 2.2 (Froyo) and earlier, DroidKungFu takes advantage of two vulnerabilities in the platform software to install a backdoor that gives hackers full control of your phone. Not only do they have access to all of your user data, but they can turn your phone into a bot – and basically make your smartphone do anything they want.
Previously identified malware, such as DroidDream, has also taken advantage of these two vulnerabilities. But Jiang and Zhou think DroidKungFu is different because, based on early results of their research, it does a better job of avoiding detection by security software.
And, while later versions of Android have patched these vulnerabilities, they aren’t entirely secure. The security patches severely limit DroidKungFu, but it is still able to collect some user data – such as your mobile phone device ID number – and send it to a remote site.
The researchers are currently discussing this problem with leading anti-virus software companies. In the meantime, what can you do about it? Follow basic, common-sense guidelines for smartphone security: only download apps from a store that you trust; check the permissions on apps before you install them (and make sure you’re comfortable with the data they’ll be accessing); and make sure you have up-to-date security software installed on your phone.
This won’t guarantee protection, but it will mitigate your risk.
Frequent Abstract readers may recognize Jiang’s name. We wrote earlier this year about his identification of a security vulnerability in Android 2.3 (Gingerbread).