Researchers at North Carolina State University have revealed a new piece of Android malware called DroidKungFu, which has started to circulate and is able to avoid detection by most mobile anti-virus software. It affects all versions of Android up to and including Froyo (Android 2.2).
The two researchers, assistant professor Xuxian Jiang and student Yajin Zhou, identified two infected applications which were found to be in circulation on eight third-party app stores and forums based out of China. Although infected apps have only been found in Asia, audits of other application marketplaces have only just begun.
DroidKungFu affects Android handsets in two ways. Firstly, it is able to take advantage of a backdoor in the Android software to load a backdoor on a device, allowing attackers to steal sensitive information on the device. Secondly, the handset could be turned into a bot, allowing the device to be used to perform actions without a user’s permission.
The malware isn’t the first to be able to take advantage of the exploits; other pieces of software like DroidDream have used the same techniques. DroidKungFu differentiates itself by successfully avoiding detection by some of the most popular Android anti-virus apps.
The NC State article only states that the malware was tested on “two leading mobile security apps”, avoiding naming either one.
Whilst newer versions of Android limit what DroidKungFu can control, they aren’t entirely secure:
The security patches severely limit DroidKungFu, but it is still able to collect some user data – such as your mobile phone device ID number – and send them to a remote site.
Whilst anti-virus vendors work out the best way to deal with the malware, users will be able to protect themselves by downloading apps from trusted app stores and checking the permissions that apps request. This will lessen the risk but will not completely protect users.