Trojan:AndroidOS/DroidKrungFu.A is a trojan that affects devices running the Android operating system, such as mobile phones. It steals information about the affected device, which it then sends to a specific server. It gains access to the device using the vulnerability described in CVE-2009-1185.
Trojan:AndroidOS/DroidKrungFu.A may arrive on the device disguised as a legitimate application. It contains exploit code for the vulnerability described in CVE-2009-1185 that it saves as the following:
Trojan:AndroidOS/DroidKrungFu.A steals the following information about the device:
- Operating system type
- Operating system APIs
- Mobile device model
- Mobile device number
- SDK version
- Internet service provider
- SD card memory contents
It then sends the stolen information to the following remote server:
Performs certain actions
Trojan:AndroidOS/DroidKrungFu.A connects to the server at "search.gongfu-android.com:8511" to receive instructions to perform the following actions:
- Open the browser to a specific page
- Download other malware into "/system/app/com.google.ssearch.apk"
- Execute specific applications
- Delete specific applications
Analysis by Shawn Wang
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.
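Because the threat shows no visible symptoms, the two indicators named above (the server "search.gongfu-android.com:8511" and the file "/system/app/com.google.ssearch.apk") are what a defender can check for. The following is an added example, not part of the original analysis: it assumes a whitespace-separated connection or DNS log and the output of the Android `pm list packages -f` command, and its sample data and the package name in it are constructed.

```python
import posixpath

# Indicators taken from the write-up above.
C2_HOST = "search.gongfu-android.com"
C2_PORT = 8511
DROP_PATH = "/system/app/com.google.ssearch.apk"

def _endpoint(token):
    """Split a log token such as 'http://host:port/path' into (host, port)."""
    token = token.split("://", 1)[-1].split("/", 1)[0]
    host, sep, port = token.rpartition(":")
    if not sep or not port.isdigit():
        host, port = token, ""
    return host.rstrip(".").lower(), (int(port) if port else None)

def scan_connections(lines):
    """Return one hit per log token naming the server, on any port."""
    hits = []
    for n, line in enumerate(lines, 1):
        for token in line.split():
            host, port = _endpoint(token)
            if host == C2_HOST:
                hits.append({"line": n, "port": port, "exact_port": port == C2_PORT})
    return hits

def scan_packages(pm_output):
    """Parse 'package:<apk path>=<name>' lines; return names installed at DROP_PATH."""
    hits = []
    for line in pm_output.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            # Newer Android paths can contain '=', so split on the last one.
            path, _, name = line[len("package:"):].rpartition("=")
            if posixpath.normpath(path) == DROP_PATH:
                hits.append(name)
    return hits

# Constructed sample input (not captured from a real device or network).
SAMPLE_LOG = [
    "2011-06-05T10:00:01Z 10.0.0.23 CONNECT example.org:443",
    "2011-06-05T10:00:07Z 10.0.0.23 CONNECT Search.GongFu-Android.com:8511",
    "2011-06-05T10:02:30Z 10.0.0.23 QUERY search.gongfu-android.com.",
]
SAMPLE_PM = (
    "package:/system/app/Browser.apk=com.android.browser\n"
    "package:/system/app/com.google.ssearch.apk=constructed.pkg.name\n"
    "package:/data/app/~~Qx==/com.example.notes-1==/base.apk=com.example.notes\n"
)
if __name__ == "__main__":
    print(scan_connections(SAMPLE_LOG), scan_packages(SAMPLE_PM))
```

A DNS lookup of the host without a port is still reported, with `exact_port` set to false, so that name resolution alone is visible in the results.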