
New Type of Android Malware Appears – May Bypass Bouncer's Detection

New Android Malware Threat Arises – Could Potentially Bypass Google’s “Bouncer”

by Chris Chavez on February 7th, 2012 at 12:07 am

If you thought Google’s newly introduced malware detection tool, Bouncer, would be enough to allow you to go download crazy in the Android Market, you may want to have a seat.

According to Forbes, a North Carolina State University professor detailed on his blog how he and his team discovered a new malware threat that, when installed, can evade virus scans and permission requests, making any wrongdoing virtually undetectable. Dubbed “Rootsmart,” the app uses a process called “privilege escalation” and, after having been installed for a few hours (days even), will begin downloading new code from a remote server, hiding the data transfer in the phone’s normal communications.

The downloaded code is the ever-popular “Gingerbreak” exploit that we’ve told you guys about in the past, which is able to gain complete access to a device’s SMS, phone calls, and data, even recording sensitive phone conversations. Theoretically, Bouncer wouldn’t be able to detect malware in the app because the known malware (Gingerbreak in this case) wouldn’t initially be found in the app.

The cat-and-mouse game continues and, like we’ve learned so many times in the past, where there are evildoers, nothing can ever be 100% foolproof. Although the offending code has yet to be found anywhere in the Android Market (only on a third-party Chinese app site), one should always be cautious when installing apps from unknown sources, especially sketchy sites offering free pirated apps online.

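A brief free translation follows:
According to Professor Forbes of the University of North Carolina in the United States, even with the Android Market protected by its new security mechanism, Bouncer, hackers still have ways to bypass detection and steal data from users of infected phones.

The research team Forbes belongs to discovered a piece of malware called Rootsmart, which itself contains no malicious code, making it difficult for Bouncer to detect. Several hours (or even days) after this malware is installed, it downloads the GingerBreak code, which can obtain root privileges, from a remote server and hides the download within the phone's normal communications. After that, all of the phone's information, such as SMS messages, call records, memory card files and other private data, becomes a target for hackers to steal, and they can even eavesdrop on calls and quietly install other third-party applications.

Security issues will only intensify as smartphones continue to flourish. Although this kind of malware has not yet been found on the Android Market and has appeared only on third-party app sites, this article does remind us never to install apps of unknown origin just because they are free, so as to avoid having personal private data stolen.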

Original article source:

http://phandroid.com/2012/02/07/new-android-malware-threat-arises-bypasses-googles-bouncer/

Translator: Green
