Wednesday, August 17, 2011

Security Alert: New DroidKungFu Variant -- AGAIN! -- Found in Alternative Android Markets

By Xuxian Jiang, Assistant Professor, Department of Computer Science, NC State University

It seems smartphone malware authors are diligent and hard-working in protecting their own "intellectual property" (their malware) by evolving it to the next level. After discovering the original DroidKungFu malware in June and its variant in July, our research team, in collaboration with NetQin, recently identified a new wave of DroidKungFu-infected apps this August. The new variant is much more "advanced" than previous versions, as it is clearly designed to evade detection by existing mobile anti-virus software. More specifically, this variant is equipped with new protection mechanisms: (1) obfuscating remote C&C server URLs (instead of including them as plaintext, as in earlier versions); (2) hiding all malware-related native binaries with encryption; and (3) masquerading an embedded app as the official Google Update. These obfuscation mechanisms, as well as various differences from earlier versions, are a clear sign of the rapid evolution of Android malware.


Source & Full Article : http://www.cs.ncsu.edu/faculty/jiang/DroidKungFu3/
