Trojan:AndroidOS/DroidKrungFu.A


Trojan:AndroidOS/DroidKrungFu.A is a trojan that affects devices running the Android operating system, such as mobile phones. It steals information about the affected device, which it then sends to a specific server. It gains access to the device using the vulnerability described in CVE-2009-1185.



What to do now

Install antivirus software for your mobile device. For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.

Threat behavior

Installation

Trojan:AndroidOS/DroidKrungFu.A may arrive on the device disguised as a legitimate application. It contains exploit code for the vulnerability described in CVE-2009-1185, which it saves as the following:

  • ratc
  • gjsvro

Payload

Steals information

Trojan:AndroidOS/DroidKrungFu.A steals the following information about the device:

  • IMEI
  • Operating system type
  • Operating system APIs
  • Mobile device model
  • Mobile device number
  • SDK version
  • Internet service provider
  • SD card memory contents

It then sends the stolen information to the following remote server:

search.gongfu-android.com:8511

Performs certain actions

Trojan:AndroidOS/DroidKrungFu.A connects to the server at "search.gongfu-android.com:8511" to receive instructions to do certain actions:

  • Open the browser to a specific page
  • Download other malware into "/system/app/com.google.ssearch.apk"
  • Execute specific applications
  • Delete specific applications
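
The indicators listed in this entry (the two exploit file names, the dropped APK path, and the remote server) can be matched against device file listings and network logs. The following is an added example, not part of the original entry or of any vendor tooling; the log and listing formats, the function names and the sample lines are assumptions constructed for illustration.

```python
import posixpath
import re

# Indicators as listed in this entry. The log and listing formats are assumed.
C2_HOST = "search.gongfu-android.com"
C2_PORT = 8511
DROPPED_APK = "/system/app/com.google.ssearch.apk"
EXPLOIT_NAMES = {"ratc", "gjsvro"}

def classify(token):
    """Return (kind, value) if the token matches an indicator, else None."""
    if token.startswith("/"):
        path = posixpath.normpath(token)
        if path == DROPPED_APK:
            return ("dropped_apk", path)
        # Match the whole file name, so "ratchet.png" does not hit "ratc".
        if posixpath.basename(path) in EXPLOIT_NAMES:
            return ("exploit_file", path)
        return None
    host, _, port = token.partition(":")
    # DNS names are case-insensitive and may carry a trailing root dot.
    host = host.lower().rstrip(".")
    if host != C2_HOST:  # exact match only, so lookalike names do not hit
        return None
    if port == str(C2_PORT):
        return ("c2_connection", f"{host}:{port}")
    return ("c2_lookup", host)

def scan(lines):
    """Return (line_number, kind, value) for every indicator seen in lines."""
    hits = []
    for n, line in enumerate(lines, 1):
        for token in re.split(r"[\s=,;\"'()\[\]]+", line):
            hit = classify(token)
            if hit:
                hits.append((n, *hit))
    return hits

# Constructed sample input, not captured from a real device or network.
SAMPLE = [
    "2011-06-09T10:02:11 dns query SEARCH.Gongfu-Android.com. type=A",
    "2011-06-09T10:02:12 tcp dst=search.gongfu-android.com:8511 bytes=412",
    "2011-06-09T10:03:40 dns query search.gongfu-android.com.example.net",
    "-rw-r--r-- root root 81234 /system/app/com.google.ssearch.apk",
    "-rwxr-xr-x app_57 app_57 5392 /data/data/com.example.game/ratc",
    "-rw-r--r-- app_57 app_57 9001 /sdcard/pics/ratchet.png",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A file-name hit on its own is weak evidence; the dropped APK path or a connection to the listed server and port is the stronger signal.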

Analysis by Shawn Wang


Symptoms

There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.


Prevention


Alert level: Severe
First detected by definition: 1.105.1563.0
Latest detected by definition: 1.173.2181.0 and higher
First detected on: Jun 08, 2011
This entry was first published on: Jun 08, 2011
This entry was updated on: Aug 30, 2011

This threat is also detected as:
  • Droid Kung Fu trojan (other)
  • Android.Trojan.DroidKungFu2.B (BitDefender)
  • Android.Gongfu.2 (Dr.Web)
  • Android/DroidKungFu.A trojan (ESET)
  • Android.Fokonge (Symantec)
  • AndroidOS_GONFU.A (Trend Micro)
  • Android.Gongfu.3 (Dr.Web)
  • Android/DroidKungFu.B trojan (ESET)
  • Backdoor.AndroidOS.KungFu.b (Kaspersky)
  • Android/DroidFu (McAfee)
  • Andr/KongFu-A (Sophos)