Chinese language app installs rootkit on Android phones
Lookout Mobile Security sent me a note to say it discovered a Chinese language app available for download on alternative Chinese app markets that has the ability to root an Android device.
Here's what Lookout's Tim Strazzere had to say in his analysis:
Last week we discovered a Chinese language app available for download on alternative Chinese app markets that has the ability to root an Android device, leaving the device vulnerable to future threats. The app, which provides calling plan management capabilities, contains a binary called zHash that attempts to root a device using the exploid exploit to break out of the Android security container – one of the same exploits used by the author(s) of DroidDream. It then leaves a backdoor root shell with the file name “zHash”, in the /system/bin directory.
There was also a version of this app available in the Android Market (same application package). However, while that version did contain the same zHash exploit binary, it did not contain the code required to invoke the exploit. However, the existence of the zHash binary leaves those phones vulnerable to future exploits. Google has removed the application from the Android Market, and has exercised the remote application removal feature to delete it from users’ phones. This only affects versions of the app downloaded through the Android market, and will not remove versions downloaded from alternative Chinese markets.
The app’s use of the backdoor shell is extremely limited and not clearly malicious, however, zHash creates a hole in the security layer of the phone, leaving it vulnerable to other applications wanting to take advantage of the device. If the device was successfully rooted by this app, any other app on the device could gain root access without the user’s knowledge.
Who is Affected?
Currently this threat primarily affects Chinese Android phone owners who either downloaded the app through the Chinese app markets or the official Android Market. We believe that the number of downloads attributed to this app in the Android Market is under 5,000. All instances of the threat have been removed from the Android Market.
As the number of malware exploits on smartphones increases, it is more important than ever to pay attention to the apps you’re downloading.
Here are a few tips to stay safe:
--Only download apps from trusted sources, such as reputable app markets. Remember to look at the developer name, reviews, and star ratings.
--Always check the permissions an app requests. Use common sense to ensure that the permissions an app requests match the features the app provides.
--Be alert for unusual behavior on your phone. This behavior could be a sign that your phone is infected. These behaviors may include unusual SMS or network activity.
--Download a mobile security app for your phone that scans every app you download to ensure it’s safe. Lookout users automatically receive protection against this threat.
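The indicator Lookout's analysis gives is concrete: a setuid root shell named zHash dropped into /system/bin. On a stock, unrooted device there should be no setuid-root binaries in that directory at all, so an unexpected one is a strong sign the exploid exploit succeeded. The script below is an added example, not Lookout's code or anything from the app in question; it parses a constructed `ls -l /system/bin` listing in the old Android toolbox format (the kind of output you would capture over `adb shell`) and flags any setuid-root binary not on an allowlist. The allowlist contents, the sample listing and the file sizes are assumptions made for the example.

```python
"""Flag unexpected setuid-root binaries in an Android /system/bin listing.

Added example (not Lookout's code). The zHash dropper described in the
analysis leaves a setuid root shell in /system/bin; this check looks for
that class of indicator rather than only the one file name.
"""
import re
from typing import Dict, FrozenSet, List

# Constructed sample of `ls -l /system/bin` output in the old Android
# toolbox format: mode owner group size date time name. The sizes and
# dates are made up; 'zHash' is the indicator named in the analysis.
SAMPLE_LISTING = """\
-rwxr-xr-x root     shell       70328 2011-02-14 12:00 sh
-rwxr-xr-x root     shell      113996 2011-02-14 12:00 toolbox
-rwsr-sr-x root     root        26324 2011-03-01 09:41 zHash
-rwxr-xr-x root     shell       10308 2011-02-14 12:00 logcat
"""

# Setuid-root binaries the reviewer has decided to accept in /system/bin.
# Empty for a stock, unrooted build; a deliberately rooted fleet might
# list 'su' here. This value is an assumption for the example.
ALLOWED_SETUID: FrozenSet[str] = frozenset()

LINE_RE = re.compile(
    r"^(?P<mode>[-dl][rwxsStT-]{9})\s+(?P<owner>\S+)\s+(?P<group>\S+)"
    r"\s+(?P<size>\d+)\s+\S+\s+\S+\s+(?P<name>.+)$"
)


def parse_listing(text: str) -> List[Dict[str, str]]:
    """Parse toolbox-style `ls -l` lines into dicts; skip lines that do not match."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def is_setuid_root(entry: Dict[str, str]) -> bool:
    """True when the owner-execute slot carries the setuid bit and the owner is root."""
    mode = entry["mode"]
    # mode[0] is the type, mode[1:4] are the owner bits; 's'/'S' in the
    # execute slot means the setuid bit is set.
    return mode[3] in "sS" and entry["owner"] == "root"


def find_suspicious_setuid(text: str, allowed: FrozenSet[str] = ALLOWED_SETUID) -> List[str]:
    """Return names of setuid-root binaries in the listing that are not allowlisted."""
    return [
        e["name"]
        for e in parse_listing(text)
        if is_setuid_root(e) and e["name"] not in allowed
    ]


if __name__ == "__main__":
    for name in find_suspicious_setuid(SAMPLE_LISTING):
        print(f"unexpected setuid-root binary in /system/bin: {name}")
```

Feeding it a real capture (`adb shell ls -l /system/bin > listing.txt`) is a quick triage step for a device suspected of having run the app; finding a hit does not tell you which app placed it, but it does confirm the "hole in the security layer" the analysis warns about, since any app on the device can then execute that shell.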
Obviously, Lookout wants you to use their security applications, and that's fair. They are a business, after all. And they did discover this latest threat. But for those looking for other choices, here are some:
--WaveSecure Mobile Security from McAfee
--Mobile Security (by Trend Micro)
--Antivirus app from NetQin Security
More details on these apps HERE and HERE.
Good morning, and good luck.