A new malicious application that exploits a vulnerability in Gingerbread (Android SDK version 2.3) has been found, so users of Gingerbread devices need to be careful.
So far this malicious application is designed to target Chinese users; however, further variants are very likely to emerge. We have also found 10 more variants.
2. Spreading path and symptoms of infection
This repackaged malicious application can spread via various black markets and third-party markets, and can request various permissions, as follows.
Once installed, it creates a launcher icon as follows; tapping the icon displays various entertainers.
* Run icon (variants have different icons)
* Run screen (it shows famous entertainers)
* Detailed analysis
* Code for collecting information
After installation, various Activities and one receiver (GameBootReceiver) are registered, and the following code leaks various information to an external site.
* Gaining root permission using the Gingerbread vulnerability
This malicious application can acquire root permission through the GingerBreak rooting technique, which exploits the Gingerbread vulnerability, with the following code.
To acquire root permission, this malicious application uses "gbfm.png", one of the files packaged inside it.
This file is actually an ELF file that merely masquerades as a PNG file. The disguised file can acquire root permission via a shell command.
Additionally, the "gbfm" in "gbfm.png" is known to be an abbreviation of "GingerBreak For Me".
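The mismatch described above (an ELF binary carrying a .png name) can be checked for by comparing each packaged file's leading bytes with what its extension claims. The following is an added example, not code from the original analysis; the `assets/` path and the sample package contents are constructed for the demonstration.

```python
import io
import zipfile

# Leading magic bytes for the formats compared here.
MAGIC = {
    "elf": b"\x7fELF",
    "png": b"\x89PNG\r\n\x1a\n",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}
# Format each media extension is expected to contain.
EXPECTED = {".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif"}


def sniff(header: bytes) -> str:
    """Return the format name matching the header bytes, or 'unknown'."""
    for name, magic in MAGIC.items():
        if header.startswith(magic):
            return name
    return "unknown"


def find_disguised_entries(apk_bytes: bytes):
    """List (entry name, claimed type, actual type) for mismatched media files."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            name = info.filename.lower()
            ext = name[name.rfind("."):] if "." in name else ""
            claimed = EXPECTED.get(ext)
            if claimed is None:
                continue  # not a media extension, nothing to compare
            with apk.open(info) as fh:
                actual = sniff(fh.read(8))
            if actual != claimed:
                findings.append((info.filename, claimed, actual))
    return findings


def build_sample_apk() -> bytes:
    """Constructed sample: one real PNG header and one ELF header named .png."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("res/drawable/icon.png", MAGIC["png"] + b"\x00" * 16)
        z.writestr("assets/gbfm.png", MAGIC["elf"] + b"\x01\x01\x01" + b"\x00" * 16)
        z.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()


if __name__ == "__main__":
    for entry in find_disguised_entries(build_sample_apk()):
        print("%s: named as %s, content is %s" % entry)
```

Any entry reported with actual type `elf` under an image extension is worth pulling out of the package for closer inspection.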
* Attempting to download additional apk files
This malicious application can download a certain apk file by connecting to an external C&C server, and tries to install the additional package with the root permission acquired as described above.
3. How to prevent
With the disclosure of the Gingerbread vulnerability, various malicious applications may become prevalent.
To use smartphones safely in the face of security threats from these malicious applications, we recommend that general users follow the "Smartphone security management tips".
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment for mobile malicious files such as the one described above through nProtect Mobile for Android, and runs a response system against various security threats.
■ Diagnosis name