New Android Malware Threat Arises – Could Potentially Bypass Google’s “Bouncer”

If you thought Google’s newly introduced malware detection tool, Bouncer, would be enough to allow you to go download crazy in the Android Market, you may want to have a seat.

According to Forbes, a North Carolina State University professor detailed on his blog how he and his team discovered a new malware threat that, once installed, can evade virus scans and permission requests, making any wrongdoing virtually undetectable. Dubbed “RootSmart,” the app uses a process called “privilege escalation”: after it has been installed for a few hours (or even days), it begins downloading new code from a remote server, hiding the data transfer in the phone’s normal communications.

The downloaded code is the ever popular “Gingerbreak” exploit that we’ve told you guys about in the past, which is able to gain complete access to a device’s SMS, phone calls, data — even recording sensitive phone conversations. Theoretically, Bouncer wouldn’t be able to detect malware in the app because the known malware (Gingerbreak in this case) wouldn’t initially be found in the app.

The cat-and-mouse game continues and, like we’ve learned so many times in the past, where there are evildoers, nothing can ever be 100% full proof. Although the offending code has yet to be found anywhere in the Android Market (only on a third-party Chinese app site), one should always be cautious when installing apps from unknown sources — especially sketchy sites offering free pirated apps online.

[Forbes]


  • BoSoMobi

    “… 
    one should always be cautious when installing apps from unknown sources — especially sketchy sites offering free pirated apps online.”

    or, you could just, maybe, say for novelty, not pirate, and support developers.

    concept.

  • DrMacinyasha

    “uses a process called ‘privilege escalation’”

    In the Android world, we have a term for that: Rooting.

    So, to correct and summarize the article, this new app roots a phone without consent, then downloads bad things. Except since it contains Gingerbreak, it (a) won’t be effective on newer devices running 2.3.7+ or so, and (b) should be picked up by Bouncer unless it downloads Gingerbreak post-install.

    Nice FUD-spreading, Phandroid.

    • http://roofus.me/ RoofusKit

      Exactly, not to mention Bouncer is no more static than any other piece of malware detecting software.

    • http://twitter.com/gamercore Chris Chavez

      Only problem is there are plenty of devices still on Android 2.3.4 (Evo 3D for example) and below. And yeah, the app does download Gingerbreak post-install.

      I’m not here to make Android look good. I’m also not trying to spread fear. 
      I just felt that 1. It was news. And 2. It was something our readers should be aware of. Hopefully this will keep more people off warez sites and in the Market where they will develop better downloading habits by being more cautious of what they install to their device.

      • essohdee

        Gingerbreak doesn’t work on the EVO 3D; it was patched from day 1. I tried it when the 3D came out but we had to wait for Fr3vo and Revolution.

  • Matt S

    You people are constantly talking crap about phandroid news… Why not just stop reading instead of giving people crap for doing their job?

    • RitishOemraw

      You people are constantly talking crap about phandroid replies… Why not just stop reading instead of giving people crap for expressing their opinion?

      Seriously… if you can’t handle a certain degree of flaming/trolling/criticism or other possibly inappropriate comments, the internet is not a place for you.
      Sure, there are uncalled-for brutal flamefests, but I haven’t seen that on phandroid yet!

  • endinyal

    Yep, and when those rare times when another, popular mobile OS has news even remotely, distantly similar to this, the entire civilized media and android world drops the hammer on them.

    Sad reality is, news like this is such the norm for Android that it’s just assumed to be an insecure system that just cannot be fully trusted in a corporate environment, let alone joe-consumer’s phone.

    • slaguru

      Agreed. 

      This is the legacy of ‘Open’. It’s not always a bed of roses, and the Android community should kick up a stink about it as much as they would if iOS had the same issue.

      • New_Guy777

        iOS is vulnerable to the same type of after-market downloading viruses. They were hit with several about a year ago.

        • slaguru

          Point is I don’t care if iOS is vulnerable, it’s the fact that Android fans seem to become apologists for Google over an issue that they would crucify Apple for.

          • New_Guy777

            I see now where the disconnect lies.  You’re calling the issue “crucifying.”  I call it:

            Trying to get the attention of people who squench their eyes shut, stick their fingers in their ears, and sing, “I caaan’t heeaar yooouuu, I caaan’t heeaar yooouuu!  La la la la!”

            My point, just because Android is vulnerable to this type of malware doesn’t make the ecosystem weak.  If that’s the case, EVERY ecosystem is weak, because no one yet has an answer to this kind of attack.

    • New_Guy777

      News like this, 9 times out of 10, is referring to the things found in the dark alleys of the internet.  The other 1 out of 10 is what the average smartphone user needs to be worried about.  And I can remember a couple of iOS exploits that caused them to do remote uninstalls.  The fact is, apps that download malicious code after the initial download are a clever way to get around just about any malware sniffing software.

  • Nemesys06

    Viruses and malware will always be an issue with today’s smartphones. These phones are so software reliant that hackers are always looking for a new way to exploit them. iPhones are just as open when it comes to viruses.

  • Justin

    Too bad Gingerbreak has been patched in probably most phones. Anything running higher than 2.3.3 most likely. Still a threat to some though. Now if they found a different exploit to use that was relatively new it could prove to be a real threat. Let’s hope they don’t. :)

  • Smacn Deez

    @Gamercore:disqus, I believe you meant ‘FOOL proof’..

    “nothing can ever be 100% full proof.”

  • Smacn Deez

    But seriously, thank you for your work here.