A new malware affecting the latest version of Android operating system (2.3 – Gingerbread) is now out in the wild and masquerading as an app featuring some “Beauty of the Day” photos.<\/p>\n
The package I downloaded uses the following permissions:
\nandroid.permission.READ_PHONE_STATE
\nandroid.permission.READ_LOGS
\nandroid.permission.DELETE_CACHE_FILES
\nandroid.permission.ACCESS_CACHE_FILESYSTEM
\nandroid.permission.WRITE_SECURE_SETTINGS
\nandroid.permission.ACCESS_NETWORK_STATE
\nandroid.permission.INTERNET
\nandroid.permission.WRITE_EXTERNAL_STORAGE
\nandroid.permission.MOUNT_UNMOUNT_FILESYSTEMS
\nandroid.permission.READ_OWNER_DATA
\nandroid.permission.WRITE_OWNER_DATA
\nandroid.permission.WRITE_SETTINGS
\ncom.android.launcher.permission.INSTALL_SHORTCUT
\ncom.android.launcher.permission.UNINSTALL_SHORTCUT
\nandroid.permission.RECEIVE_BOOT_COMPLETED
\nandroid.permission.RESTART_PACKAGES<\/p>\n
Using Gingerbreak, which is the the latest exploit for gaining root access to Gingerbread, the malware gathers information about the infected device and sends it to remote servers. In addition to exfiltrating the IMEI, phone number and SIM serial no., GingerMaster creates a backdoor root shell stored in the system partition in an attempt to survive after software upgrades to allow an attacker access to the device.<\/p>\n