DroidKungFu

{{Short description|Android Malware}}

DroidKungFu is malware that affects the Android OS. It primarily targets users in China. The first evidence of this malware was found in the Android Market in March 2011.{{cite web |url= https://blog.lookout.com/blog/2011/06/06/security-alert-new-malware-found-in-alternative-android-markets-legacy/ |title= DroidkungFu Malware targets china |accessdate= 2011-07-23 |archive-url= https://web.archive.org/web/20130330152455/https://blog.lookout.com/blog/2011/06/06/security-alert-new-malware-found-in-alternative-android-markets-legacy/ |archive-date= 2013-03-30 |url-status= dead }}

History

DroidKungFu was discovered by US-based researchers Yajin Zhou and Xuxian Jiang, who found the malware while working at North Carolina State University.{{cite web |url=https://thenextweb.com/google/2011/06/05/droidkungfu-android-malware-steals-sensitive-data-avoids-anti-virus-detection/#gref |title=Researcher who involved in finding DroidKungFu Malware|date=5 June 2011|accessdate=2011-06-20}} It targets the Android 2.2 platform and allows hackers to access and control devices. DroidKungFu can collect some user data through a backdoor.{{cite web|url=http://www.itproportal.com/2011/06/07/droidkungfu-malware-targets-android-users-china/#ixzz4CG3btGIF |title= Droidkungfu malware targets android users in China|date= 7 June 2011|accessdate =2011-07-06}}

Process of DroidKungFu malware

DroidKungFu carries two different root exploits in encrypted form, a udev exploit and a "RageAgainstTheCage" exploit, which it uses to break Android security.{{cite web| url=https://www.csc.ncsu.edu/faculty/jiang/DroidKungFu.html|title=DroidKungFu - Complete overview|accessdate=2011-07-06}} Once executed, it decrypts the exploits and communicates with a remote server without the user's knowledge.{{cite web|url=http://www.androidauthority.com/more-devious-android-malware-discovered-73730/|title=Android malware discovery(DroidKungFu)|accessdate=2011-07-06|archive-date=2012-04-12|archive-url=https://web.archive.org/web/20120412001507/http://www.androidauthority.com/more-devious-android-malware-discovered-73730/|url-status=dead}}

= Function =

  • Silent mobile device rooting
  • Unlocks all system files and functions
  • Installs itself without any user interaction

= Data collected =

  • IMEI number
  • Phone model
  • Android OS version
  • Network operator
  • Network type
  • Information stored in the phone and SD card memory{{cite web| url=https://www.f-secure.com/v-descs/trojan_android_droidkungfu_c.shtml|title=Droidkungfu malware function detailed|accessdate=2011-07-06}}

References