We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Android users hit by lethal Trojan root hack

First exploit for April's GingerBreak root crack found

Researchers have publicised probably the most dangerous Android malware examples yet discovered, a Trojan that exploits the GingerBreak root hack (CVE-2011-1823) in Android 2.3 that gained wide publicity after its discovery in April.

According to a team at North Carolina State University, which analysed the malware in conjunction with Chinese mobile security firm NetQin, 'GingerMaster' bears many of the hallmarks of the growing family of Android Trojans that currently circulate on third-party sites in China but with some interesting and dangerous new innovations.

Packaged as part of what appears to be a legitimate app showing pictures of women, GingerMaster uploads as much user and device information as it can to a remote server, including smartphone IMEI and telephone number. At this point the server will silently download malware exploiting the GingerBreak root hack which once installed will have complete control over the smartphone.

Because this is a root hack, the malware is able to bypass the Android system that controls app permissions, which brings home the seriousness of this type of fundamental attack. With such low-level access, Android security programs will be powerless to stop it and getting rid of it will for most users require a complete device wipe and factory reset.

Vulnerable versions of Android are 2.3.3 (Gingerbread) with anecdotal evidence that 2.2 (Froyo) can also be rooted by the Trojan. Google patched the vulnerability being attacked soon after its discovery in April but it is unlikely that many users will have received an update; networks seem reluctant to issue patches unless absolutely necessary because of the support workload involved.

The easiest way to avoid this malware for now is simply never to use third-party download sites and stick to Google's own Market.

It is dicey issues such as this which probably partly explain why Google felt it necessary to build its own hardware wing by buying Motorola's mobile division last week. This will give it some control over the way software versions are distributed to users, not to mention how frequently and effectively they are patched as new exploits arise.


IDG UK Sites

Samsung Galaxy S6 launch as it happened: Galaxy S6 launch video and live blog - watch again as...

IDG UK Sites

5 things we hate about MWC: What it's like to be a journalist at a technology trade show

IDG UK Sites

Interview: Lauren Currie aims to help design students bridge skills gap

IDG UK Sites

12in Retina MacBook Air release date rumours: new MacBook Air to have fingerprint ID, could launch...