NQ Mobile Security Research Center has recently uncovered a new piece of malware, DKFBootKit. The
malware was identified while monitoring and analyzing the evolution of
earlier DroidKungFu variants. What sets DKFBootKit apart from malware
like DroidDream is that DKFBootKit replaces certain boot processes and
can begin running even before the system has completely booted up.
DKFBootKit repackages legitimate
apps by enclosing its own malicious payloads in them. The
victim apps it chooses to infect, however, are utility apps that require root
privilege to work properly. NQ says the malicious code has
infected 1,657 Android devices in the past two weeks and has appeared in
at least 50 different mobile apps.
These apps seem to have legitimate
reasons to request root privilege for their own functionality. It is
also reasonable to believe that users will likely grant root
privilege to these apps. DKFBootKit then uses the granted root
privilege for other malicious purposes, namely compromising system
integrity.
In order to avoid being infected by this beast, NQ recommends three commonsense steps:
- First, don't download any apps from sketchy app stores.
- Second, don't accept app permissions from unknown sources and always be sure to read the permissions an app is requesting.
- Third, download a security app that can scan your apps for you to search for malicious code.
NQ Mobile Security for Android is available for download.