Security

Update apps, get malware

From the "Wow that's cool, hope it doesn't happen to me" files comes news that F-Secure has discovered an Android application that will update itself and install malware known as DroidKungFu.

The technique used is to install an application free of the trojan, then once installed, immediately notify the user that an update is available. This update will ask for additional privileges to access SMS and MMS messages, as well as the location data, and once the user agrees to give access, the trojan is installed.

Once installed on the system, the trojan gains root superuser privileges by using an exploit for Android 2.2.

F-Secure says that DroidKungFu will forward confidential details onto a remote server and is distributed on non-authorised Android app sites as trojanised versions of legitimate applications.

Full details including screenshots are available on F-Secure's blog.

This is a rather interesting way to get malware onto a device. By updating an already-installed application, the malware makers are hoping that users are much less likely to check permission requests on an update.

The really pertinent part for developers is that F-Secure is unsure whether the original developer intended for their software to be used to distribute malware. F-Secure opines that it is possible that the developer's back-end has been compromised.

How secure are your mobile deployment servers? Would you know if a third party compromised your APKs?

About

Some would say that it is a long way from software engineering to journalism, others would correctly argue that it is a mere 10 metres according to the floor plan.During his first five years with CBS Interactive, Chris started his journalistic advent...

3 comments
Spitfire_Sysop
Spitfire_Sysop

Is DroidKungFu detectable by all the major Android anti-virus products?

HollyLouise
HollyLouise

...to my good friend, Mick for finding that.

Editor's Picks