TrojanSpy:AndroidOS/GingerMaster.A may be downloaded from the Internet from third-party Android markets.
Upon installation, it displays the following information on the device, outlining its capabilities:
TrojanSpy:AndroidOS/GingerMaster.A is capable of doing the following:
- Accessing the Internet
- Accessing your device's SD card (including modifying and deleting the card contents)
- Modifying your device's settings and system files
- Gaining highest privilege on your device's operating system
- Downloading other potentially arbitrary, possibly malicious files onto the device
TrojanSpy:AndroidOS/GingerMaster.A contains exploit code masquerading as an image file named 'gbfm.png', which is detected as Exploit:AndroidOS/CVE-2011-1823, and may allow a remote attacker to gain administrator privileges on the underlying operating system of the mobile device.
The malware can steal the following information stored on the device, and save it to a file named 'game_service_package.db', before sending the information to the remote address 'client.mustmobile.com' via HTTP POST:
- Device ID (IMEI)
- Subscriber ID (IMSI)
- SIM serial number
It is also capable of downloading and installing other potentially malicious files onto the compromised device; in the wild, we have observed it downloading a file named '19225910801.apk' from the above-mentioned remote server.
Analysis by Marianne Mallen
The following system changes may indicate the presence of this malware:
- The presence of the following files: