Now that Google’s Bouncer is protecting the digital confines of the Android Market, users can rest easy knowing their experience will be malware-free. Or so they thought. A newer, smarter piece of malware has reportedly been uncovered that has the ability to evade “any scans or requests for permission that might catch its intentions on installation,” which is a key defense of Bouncer. The cat-and-mouse games have officially begun.
Discovered by North Carolina State University professor Xuxian Jiang, the malware downloads new code from a remote server, hiding its malicious data transfer in the phone’s communications, all without the user even knowing. The trick, which is referred to as “privilege escalation,” involves a familiar Android foe, “GingerBreak,” an exploit that gives hackers access to every single function of the captive phone: data, call eavesdropping, or silently installing any other apps.
Jiang is calling the newest discovery Rootsmart, but he says the malware thus far isn’t a threat to American Android users. It hasn’t been discovered in any app worth downloading, and it was actually found on a Chinese app download site, not the official Android Market. Still, Android users should always be vigilant about what they’re putting on their phones. The app demonstrates a technique that easily evades Bouncer, a system Google only recently revealed.
“Given that Rootsmart doesn’t initially contain malware and may wait out Bouncer’s period of testing before downloading any new code, it’s not clear that Google’s Android Market scans would catch it,” Forbes wrote.
Jiang added, “At the very least, this would cause some challenges for a Bouncer-like system. I expect we’ll see more of this in the future.”
Even though there haven’t been any reported cases of Rootsmart appearing in the Android Market, users should be cautious, and make sure they’re downloading apps from reputable developers.