We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Android users hit by lethal Trojan root hack

First exploit for April's GingerBreak root crack found

Researchers have publicised probably the most dangerous Android malware examples yet discovered, a Trojan that exploits the GingerBreak root hack (CVE-2011-1823) in Android 2.3 that gained wide publicity after its discovery in April.

According to a team at North Carolina State University, which analysed the malware in conjunction with Chinese mobile security firm NetQin, 'GingerMaster' bears many of the hallmarks of the growing family of Android Trojans that currently circulate on third-party sites in China but with some interesting and dangerous new innovations.

Packaged as part of what appears to be a legitimate app showing pictures of women, GingerMaster uploads as much user and device information as it can to a remote server, including smartphone IMEI and telephone number. At this point the server will silently download malware exploiting the GingerBreak root hack which once installed will have complete control over the smartphone.

Because this is a root hack, the malware is able to bypass the Android system that controls app permissions, which brings home the seriousness of this type of fundamental attack. With such low-level access, Android security programs will be powerless to stop it and getting rid of it will for most users require a complete device wipe and factory reset.

Vulnerable versions of Android are 2.3.3 (Gingerbread) with anecdotal evidence that 2.2 (Froyo) can also be rooted by the Trojan. Google patched the vulnerability being attacked soon after its discovery in April but it is unlikely that many users will have received an update; networks seem reluctant to issue patches unless absolutely necessary because of the support workload involved.

The easiest way to avoid this malware for now is simply never to use third-party download sites and stick to Google's own Market.

It is dicey issues such as this which probably partly explain why Google felt it necessary to build its own hardware wing by buying Motorola's mobile division last week. This will give it some control over the way software versions are distributed to users, not to mention how frequently and effectively they are patched as new exploits arise.


IDG UK Sites

Best camera phone of 2015: iPhone 6 Plus vs LG G4 vs Galaxy S6 vs One M9 vs Nexus 6

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 of price of Retina iMac with new model