Enter The Hacker: New DroidKungFu Malware Is Bad News For Androids

06.04.2011

There's new Android malware to worry about: DroidKungFu

Computer science researchers at NC State have identified new Android malware, called DroidKungFu, which appears to be able to avoid detection by mobile anti-virus software.

The researchers, assistant professor Xuxian Jiang and Ph.D. student Yajin Zhou, have so far identified at least two DroidKungFu-infected applications for Android platforms, which are circulated in more than eight third-party Android app stores and forums based in China. The researchers haven’t found infected apps in non-Chinese app stores yet – but they are only now beginning to look.

DroidKungFu contains advanced techniques to avoid detection by mobile anti-virus software. At the time of this writing, Jiang and Zhou have tested the malware on two leading mobile security apps – and neither detected DroidKungFu.

That’s bad news, because DroidKungFu can do a couple of nasty things, depending on which version of Android you are using.

In Android versions 2.2 (Froyo) and earlier, DroidKungFu takes advantage of two vulnerabilities in the platform software to install a backdoor that gives hackers full control of your phone. Not only do they have access to all of your user data, but they can turn your phone into a bot – and basically make your smartphone do anything they want.

Previously identified malware, such as DroidDream, has also taken advantage of these two vulnerabilities. But Jiang and Zhou think DroidKungFu is different because, based on early results of their research, it does a better job of avoiding detection by security software.

And, while later versions of Android have patched these vulnerabilities, they aren’t entirely secure. The security patches severely limit DroidKungFu, but it is still able to collect some user data – such as your mobile phone device ID number – and send it to a remote site.

The researchers are currently discussing this problem with leading anti-virus software companies. In the meantime, what can you do about it? Follow basic, common-sense guidelines for smartphone security: only download apps from a store that you trust; check the permissions on apps before you install them (and make sure you’re comfortable with the data they’ll be accessing); and make sure you have up-to-date security software installed on your phone.

This won’t guarantee protection, but it will mitigate your risk.

Frequent Abstract readers may recognize Jiang’s name. We wrote earlier this year about his identification of a security vulnerability in Android 2.3 (Gingerbread).
