The first example of a malware program specifically targeted at the latest version of Google's Android mobile OS, known as Gingerbread, was discovered this month by North Carolina State University researcher Xuxian Jiang.
Worryingly, Jiang wrote in a recent blog entry announcing his find, the so-called GingerMaster malware takes advantage of a known root access vulnerability to evade detection by most mobile antivirus software systems.
According to Jiang, GingerMaster is a development of the known DroidKungFu malware, which uses a similar root access exploit to get around data protection measures on devices running Android 2.2 and below.
GingerMaster is distributed primarily through repackaged versions of popular Android apps, the researcher said.
Jiang said that the infection is a two-stage process. First, GingerMaster is installed via a compromised .apk, at which point it contacts a command-and-control (C&C) server and sends a large amount of information, including the phone number and device ID. In response, the C&C server delivers the aforementioned exploit itself, which silently installs the malware on the infected device and grants itself root access.
The researcher stressed that the malware is a serious threat to data security on Android devices, and urged users to download files only from reputable app markets. Additionally, he said, internet security programs should be used and regularly updated to provide additional protection against GingerMaster and other potential threats. Carefully monitoring phone behavior for unusual activity and thoroughly understanding all permissions requested by an app during installation are also good ways to ensure a mobile device doesn't get infected by malicious code.
CSO Online reported that GingerMaster and similar precursors like DroidKungFu are most frequently found on third-party app markets hosted in China. That publication also noted that Google's recent purchase of Motorola may be an attempt to help regulate the way its software is distributed to end users and improve data protection possibilities.
According to ComputerWorld, numerous data protection companies agree that the amount of Android malware in the wild has spiked noticeably in recent months, undoubtedly due to the correspondingly rapid increases in the number of Android users. Such malware has even been seen in the official Android app store, as Google was forced to yank a number of apps this spring when they were found to be infected with the DroidDream Trojan.