Prototype rootkit silently modifies Android apps

Powered by SC Magazine
 

Installed web browser replaced with keylogger doppelganger.

Researchers have developed a rootkit that can manipulate and steal data from Android applications.

The rootkit swapped the phone’s web browser with one that stole user data and could be similarly used to replace or remove any installed applications.

It attacked the Android framework on versions 4.0 and below, and could be delivered to users through an infected application.

Android 4.1, dubbed 'Jelly Bean', was announced last week but is yet to be officially released for some phones.

Developer of the rootkit, Xuxian Jiang from the NC State University computer science department, said the prototype was sophisticated but simple to develop.

“The rootkit was not that difficult to develop, and no existing mobile security software is able to detect it," he said.

The rootkit did not require Android devices to be restarted nor modifications made to the firmware. It required user permission to be installed but it did not indicate the malicious intent of the app, Jiang said.

“But there is good news. Now that we’ve identified the problem, we can begin working on ways to protect against attacks like these.”

Jiang’s research was part of the Android Malware Genome Project which was dedicated to characterising Android malware.

Together with university colleague Yajin Zhou, the project collected more than 1200 malware samples in the 12 months from October 2010 covering most Android malware families.

Each was categorised according to installation methods, activation mechanisms and payloads.

It found mobile anti-virus platforms detection rates ranged between 79.6 percent and 20.2 percent as of November last year.

Detailed information on the project’s malware categorisation was available in its technical paper (pdf).

Copyright © SC Magazine, Australia


Prototype rootkit silently modifies Android apps
 
 
 
Top Stories
Innovating in the sleepy super industry
There’s little incentive to be on the bleeding edge, so why is Andrew Todd fighting so hard?
 
How technology will unify Toll
The systems headache formed through 15 years of acquisitions.
 
Immigration breached Privacy Act with data leak
Pilgrim slams "copy and paste" of asylum seeker data.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  7%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 815

Vote