Android OS Security Alert

Android OS Security Alert

Post by a4nic8er »

Security Alert: New RootSmart Android Malware Utilizes the GingerBreak Root Exploit
By Xuxian Jiang, Assistant Professor, Department of Computer Science, NC State University
Last August, we reported the first Android malware, GingerMaster, which makes use of the GingerBreak root exploit (affecting Android devices with versions less than 2.3.3 and 3.0). Today, my research team, in collaboration with NQ Mobile, has identified a new malware called RootSmart that follows the GingerMaster step and becomes the second to utilize the GingerBreak exploit.

Different from GingerMaster, this new malware does not directly embed the root exploit inside the app. Instead, it dynamically fetches the GingerBreak root exploit from a remote server and then executes it to escalate its privilege. Such an attack is reminiscent of an earlier proof-of-concept app called RootStrap that was written by Jon Oberheide to demonstrate such capability. But RootSmart seriously substantiates this threat as the first such malware in the wild. It also reminds us of the earlier Plankton spyware. But Plankton does not contain any root exploit.

After obtaining the root privilege, RootSmart will further silently download and install other malware from a remote server without the user's knowledge. During our analysis, we have successfully captured a DroidLive malware that was downloaded from the remote C&C server.
DSLReports discussion

Re: Android OS Security Alert

Post by satransisuu »

This particular malware was found in alternative Android Markets, not in the official Android Market. For mitigation, please follow common-sense guidelines for smartphone security. For example,
download apps from reputable app stores that you trust; and always check reviews, ratings as well as developer information before downloading;
check the permissions on apps before you actually install them and make sure you are comfortable with the data they will be accessing;
be alert for unusual behavior on the part of mobile phones and make sure you have up-to-date security software installed on your phone.