We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,721 News Articles

Android users hit by lethal Trojan root hack

First exploit for April's GingerBreak root crack found

Researchers have publicised probably the most dangerous Android malware examples yet discovered, a Trojan that exploits the GingerBreak root hack (CVE-2011-1823) in Android 2.3 that gained wide publicity after its discovery in April.

According to a team at North Carolina State University, which analysed the malware in conjunction with Chinese mobile security firm NetQin, 'GingerMaster' bears many of the hallmarks of the growing family of Android Trojans that currently circulate on third-party sites in China but with some interesting and dangerous new innovations.

Packaged as part of what appears to be a legitimate app showing pictures of women, GingerMaster uploads as much user and device information as it can to a remote server, including smartphone IMEI and telephone number. At this point the server will silently download malware exploiting the GingerBreak root hack which once installed will have complete control over the smartphone.

Because this is a root hack, the malware is able to bypass the Android system that controls app permissions, which brings home the seriousness of this type of fundamental attack. With such low-level access, Android security programs will be powerless to stop it and getting rid of it will for most users require a complete device wipe and factory reset.

Vulnerable versions of Android are 2.3.3 (Gingerbread) with anecdotal evidence that 2.2 (Froyo) can also be rooted by the Trojan. Google patched the vulnerability being attacked soon after its discovery in April but it is unlikely that many users will have received an update; networks seem reluctant to issue patches unless absolutely necessary because of the support workload involved.

The easiest way to avoid this malware for now is simply never to use third-party download sites and stick to Google's own Market.

It is dicey issues such as this which probably partly explain why Google felt it necessary to build its own hardware wing by buying Motorola's mobile division last week. This will give it some control over the way software versions are distributed to users, not to mention how frequently and effectively they are patched as new exploits arise.


IDG UK Sites

Top 5 Android tips and tricks for smartphones and tablets

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular

IDG UK Sites

BBC using Glasgow 2014 Commonwealth Games to trial 4K/UHD, pan-around video, augmented video and...