Researchers at North Carolina State University (NCSU) in collaboration with mobile security firm NetQin, have identified new malware which apparently has ability to gain root access on Android 2.3 device through a known exploit.
The new malware is said to be a potent variant of the DroidKungFu malware that has been originally discovered in April this year in unauthorized Android apps in the Chinese app market.
According to blog posted by the team, the malicious code, GingerMaster, takes advantage of the most recent root exploit against Android platform 2.3, which was discovered in April.
This file is actually the virus, which ends up on unprotected Android devices through legitimate apps that have been compromised. The malware gives the attacker complete control of the operating system.
The malware first gains root access and installs a secret background service that reads the device ID number, phone number and other data. It then uploads this information to a remote server and waits for instructions.
Once installed, GingerMaster can download and install apps by itself without the owner’s knowledge or permission.
"As this is the first time such malware has been identified, it is not surprising when our experiments show that it can successfully evade the detection of all tested leading mobile antivirus software," the blog states.
As a warning to mobile users, the NCSU researchers recommended that Android 2.3 users must rely on gumption whether an app contains GingerMaster or any malware, better yet, avoid downloading outside the Android Market and always read access permissions.