Trojan: Android/DroidKungFu.C

Summary

---

Trojan:Android/DroidKungFu.C forwards confidential details to a remote server.

Removal

---

Automatic action

F-Secure SAFE automatically blocks installation of this program.

Manual Removal

Monitoring-Tool:Android/DroidKungFu.C can be uninstalled by following the steps below:

• Go toSettings
• Go toApplications
• Go toManage Applications
• Select the application
• Press "Clear data"
• Press "Uninstall"
• Select "OK" when asked for confirmation and wait

Technical Details

---

Trojan:Android/DroidKungFu.C are distributed on unauthorized Android app sites as trojanized versions of legitimate applications.

Installation

Prior to installation, this new variant of the DroidKungFu family requests the following permissions:

Activity

Once installed, DroidKungFu.C attempts to root the phone (gain control of the system) by using exploits, including RageAgainstTheCage. These exploits are stored in the malware package and encrypted with a key.

The trojan also attempts to collect the following information from the compromised device:

• International Mobile Equipment Identity (IMEI)
• Mobile device model
• Network operator
• Network type
• Operating system (OS) APIs
• OS type
• Information stored in the Phone memory
• Information stored in the SD card memory

The collected information is reported to remote command and control (C&C) servers at multiple locations:

• http://[...]search.gongfu-android.com:8511/[...]search/
• http://[...]search.zi18.com:8511/[...]search/
• http://[...]search.zs169.com:8511/[...]search/

More

This trojan was discovered by researchers at the North Carolina State University. For additional information, see:

• Security Alert: New DroidKungFu Variant -- AGAIN! -- Found in Alternative Android Markets.