New Android Malware Threat Arises – Could Potentially Bypass Google’s “Bouncer”
If you thought Google’s newly introduced malware detection tool, Bouncer, would be enough to allow you to go download crazy in the Android Market, you may want to have a seat.
According to Forbes, a North Carolina State University professor detailed on his blog how he and his team discovered a new malware threat that when installed, can evade virus scans and permission requests, making any wrongdoing virtually undetectable. Dubbed “Rootsmart, ” the app uses a process called “privilege escalation” that after having been installed for a few hours (days even), will begin downloading new code from a remote server hiding the data transfer in the phone’s normal communications.
The downloaded code is the ever popular “Gingerbreak” exploit that we’ve told you guys about in past which is able to gain complete access to a device’s SMS, phone calls, data — even recording sensitive phone conversations. Theoretically, Bouncer wouldn’t be able to detect malware in the app because the known malware (Gingerbreak in this case) wouldn’t initially be found in the app.
The cat-and-mouse game continues and like we’ve learned so many times in the past, where there are evildoers, nothing can ever be 100% full proof. Although the offending code has yet to be found anywhere in the Android Market (only 3rd party Chinese app site) one should always be cautious when installing apps from unknown sources — especially sketchy sites offering free pirated apps online.
[Forbes]