Up to five variants of the ‘DroidKungFu’ mobile virus have been detected.
According to Axelle Apvrille, senior computer security engineer at Fortinet, all of the variants share the same malicious commands: they can download and install new software packages, start a program, open a given URL in the browser or delete a package.
In order to do this, all but variant A (which uses a unique server) contact the same three remote web servers.
“As for differences, mainly they rely on whether the sample uses exploits, whether the malicious functionalities are implemented natively, and whether the payload is encrypted with AES, and the key it uses,” said Apvrille.
A report by North Carolina State University from earlier this year said that DroidKungFu contains advanced techniques to avoid detection by mobile anti-virus software. In a test by assistant professor Xuxian Jiang and student Yajin Zhou, two leading mobile security apps failed to detect DroidKungFu.
According to Derek Manky, senior security strategist at Fortinet, DroidKungFu represents the next evolution in mobile malware: whereas Zeus in the Mobile (Zitmo) was able to intercept two-factor authentication, DroidKungFu does much more.
“By disguising itself as a legitimate VPN client application, the malware quickly gains root access to the device using social engineering. Once executed, DroidKungFu has the ability to download further malware, open URLs in a browser, start programs and delete files on the system,” he said.
This article originally appeared at scmagazineuk.com