GingerMaster

Last updated

GingerMaster is malware that affects Android operating system version 2.3. It was first detected in August 2011. [1]

Contents

History

GingerMaster is Android malware that contains a root exploit packaged within an infected app. [2] [3] GingerMaster's Root exploit is the "KillingInTheNameOfGingerBreakzegRush" [4]

Process

GingerMaster acts to be a normal application on the users phone, and once the application is launched on an Android device, it acquires root privileges through GingerBreak on the device and then accesses sensitive data. [5] [4] Once GingerMaster has root access it will try to install a root shell for future malicious use. [4]

Function

GingerMaster steals data such as:

See also

Related Research Articles

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed and often masks its existence or the existence of other software. The term rootkit is a compound of "root" and the word "kit". The term "rootkit" has negative connotations through its association with malware.

Linux malware includes viruses, Trojans, worms and other types of malware that affect the Linux family of operating systems. Linux, Unix and other Unix-like computer operating systems are generally regarded as very well-protected against, but not immune to, computer viruses.

<span class="mw-page-title-main">Privilege escalation</span> Gaining control of computer privileges beyond what is normally granted

Privilege escalation is the act of exploiting a bug, a design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions.

Mobile malware is malicious software that targets mobile phones or wireless-enabled Personal digital assistants (PDA), by causing the collapse of the system and loss or leakage of confidential information. As wireless phones and PDA networks have become more and more common and have grown in complexity, it has become increasingly difficult to ensure their safety and security against electronic attacks in the form of viruses or other malware.

iOS jailbreaking is the use of a privilege escalation exploit to remove software restrictions imposed by Apple on devices running iOS and iOS-based operating systems. It is typically done through a series of kernel patches. A jailbroken device typically permits root access within the operating system and provides the right to install software unavailable through the App Store. Different devices and versions are exploited with a variety of tools. Apple views jailbreaking as a violation of the end-user license agreement and strongly cautions device owners not to try to achieve root access through the exploitation of vulnerabilities.

<span class="mw-page-title-main">Malwarebytes</span> Internet security company

Malwarebytes Inc. is an American Internet security company that specializes in protecting home computers, smartphones, and companies from malware and other threats. It has offices in Santa Clara, California; Clearwater, Florida; Tallinn, Estonia; Bastia Umbra, Italy; and Cork, Ireland.

Cyber spying, cyber espionage, or cyber-collection is the act or practice of obtaining secrets and information without the permission and knowledge of the holder of the information using methods on the Internet, networks or individual computers through the use of proxy servers, cracking techniques and malicious software including Trojan horses and spyware. Cyber espionage can be used to target various actors- individuals, competitors, rivals, groups, governments, and others- in order to obtain personal, economic, political or military advantages. It may wholly be perpetrated online from computer desks of professionals on bases in far away countries or may involve infiltration at home by computer trained conventional spies and moles or in other cases may be the criminal handiwork of amateur malicious hackers and software programmers.

Rooting is the process by which users of Android devices can attain privileged control over various subsystems of the device, usually smartphones and tablets. Because Android is based on a modified version of the Linux kernel, rooting an Android device gives similar access to administrative (superuser) permissions as on Linux or any other Unix-like operating system such as FreeBSD or macOS.

<span class="mw-page-title-main">Hacking of consumer electronics</span>

The hacking of consumer electronics is a common practice that users perform to customize and modify their devices beyond what is typically possible. This activity has a long history, dating from the days of early computer, programming, and electronics hobbyists.

Mobile security, or mobile device security, is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. It has become increasingly important in mobile computing. The security of personal and business information now stored on smartphones is of particular concern.

<span class="mw-page-title-main">Android Debug Bridge</span> Tool for debugging Android-based devices

The Android Debug Bridge is a programming tool used for the debugging of Android-based devices. The daemon on the Android device connects with the server on the host PC over USB or TCP, which connects to the client that is used by the end-user over TCP. Made available as open-source software under the Apache License by Google since 2007, its features include a shell and the possibility to make backups. The adb software is available for Windows, Linux and macOS. It has been misused by botnets and other malware, for which mitigations were developed such as RSA authentication and device whitelisting.

Sality is the classification for a family of malicious software (malware), which infects Microsoft Windows systems files. Sality was first discovered in 2003 and has advanced to become a dynamic, enduring and full-featured form of malicious code. Systems infected with Sality may communicate over a peer-to-peer (P2P) network to form a botnet to relay spam, proxying of communications, exfiltrating sensitive data, compromising web servers and/or coordinating distributed computing tasks to process intensive tasks. Since 2010, certain variants of Sality have also incorporated rootkit functions as part of an ongoing evolution of the malware family. Because of its continued development and capabilities, Sality is considered one of the most complex and formidable forms of malware to date.

<span class="mw-page-title-main">Google Play</span> Digital distribution service by Google

Google Play, also known as the Google Play Store or Play Store and formerly Android Market, is a digital distribution service operated and developed by Google. It serves as the official app store for certified devices running on the Android operating system and its derivatives, as well as ChromeOS, allowing users to browse and download applications developed with the Android software development kit and published through Google. Google Play has also served as a digital media store, offering games, music, books, movies, and television programs. Content that has been purchased on Google Play Movies & TV and Google Play Books can be accessed on a web browser and through the Android and iOS apps.

<span class="mw-page-title-main">Kingo Root</span> App to root an Android device

KingoRoot is software intended to provide root access on smartphones, tablet computers, etc. running all versions of the Android operating system from 4.1.2, available since 2013. There is another very similar Android Application with the same purpose, KingRoot launched at about the same time; the two very similarly-named applications are often confused.

Shedun is a family of malware software targeting the Android operating system first identified in late 2015 by mobile security company Lookout, affecting roughly 20,000 popular Android applications. Lookout claimed the HummingBad malware was also a part of the Shedun family, however, these claims were refuted.

DroidKungFu is a malware that affects Android OS. It primarily targets users in China. The first evidence of this malware was found in the Android Market in March 2011.

HummingBad is Android malware, discovered by Check Point in February 2016.

<span class="mw-page-title-main">Dirty COW</span> Computer security vulnerability

Dirty COW is a computer security vulnerability of the Linux kernel that affected all Linux-based operating systems, including Android devices, that used older versions of the Linux kernel created before 2018. It is a local privilege escalation bug that exploits a race condition in the implementation of the copy-on-write mechanism in the kernel's memory-management subsystem. Computers and devices that still use the older kernels remain vulnerable.

Xafecopy Trojan is a malware software targeting the Android operating system, first identified in September 2017 by cybersecurity and antivirus provider Kaspersky Lab. According to Kaspersky Lab, Xafecopy infected at least 4,800 users within a month in approximately 47 countries. Users in India were its primary victims, followed by users from Russia, Turkey, and Mexico.

References

  1. "First Android Malware Utilizing a Root Exploit on Android 2.3 (Gingerbread)" . Retrieved 2011-08-18.
  2. "First malware using Android Gingerbreak root exploit". 22 August 2011. Retrieved 2011-08-22.
  3. "Latest Android Malware Infects Gingerbread via Jailbreak Exploit" . Retrieved 2011-08-23.[ permanent dead link ]
  4. 1 2 3 Lee, Hwan-Taek; Kim, Dongjin; Park, Minkyu; Cho, Seong-je (2014-12-10). "Protecting data on android platform against privilege escalation attack". International Journal of Computer Mathematics. 93 (2): 401–414. doi:10.1080/00207160.2014.986113. ISSN   0020-7160. S2CID   39113435.
  5. "Beware the Android Gingermaster". Archived from the original on 2015-10-18. Retrieved 2011-08-23.