
The Android Malware DroidKungFu Adapts to Avoid Detection and Converts Handsets into Bots

Posted: November 2, 2011

The network security provider Fortinet recently released its Threat Landscape Research findings for the month of October. Within the report, Fortinet uncovered the disturbing ongoing evolution of an Android botnet called DroidKungFu that behaves much like malware found on PCs.

Today's smartphones are essentially computers that fit into the palms of our hands, allowing us to perform complex computations, communicate in many ways and run the latest variations of creative applications. Statistics from the Pew Internet Research Center show that two in five cell phone owners (39%) say that their phone operates on a smartphone platform, including iPhone iOS, Blackberry, Windows and Android. When compared to other smartphone operating systems, Android holds the second highest world market share, surpassed only by the iPhone's iOS. In the US, Android is the market share leader. Additionally, it is estimated that there are over 140 million smartphone users in the US alone. The creators of malware are well aware of these statistics, which is why we are not surprised to see a new iteration of aggressive Android malware hit the smartphone street.

The Hidden Dangers of Android Malware

The evolution of mobile malware had been rather slow until just recently. There have been small attacks against the Android smartphone operating system in the past, but nothing as serious as the current rash of the DroidKungFu botnet. DroidKungFu is able to download malware onto a smartphone, in addition to starting programs, opening URLs in a browser and even deleting files. Derek Manky, senior security strategist at Fortinet, says, 'DroidKungFu clearly represents the next evolution in mobile malware.' Manky's statement is hard to dispute, as DroidKungFu acts virtually the same as malware on a PC.

DroidKungFu was found to have many different variants. It is also believed to gain root access to an infected device using social engineering, by disguising itself as a legitimate VPN client application. Ultimately, this would make it nearly impossible for an Android user to clearly identify malicious activities occurring on his/her device.

Android Malware in the Past, Present and Future

In previous instances, Android malware called Zitmo, a version of Zeus for Android, attempted to pilfer online banking authentication details that reveal the identity of an account holder. Since then, it has become evident that Android malware, such as DroidKungFu, has evolved into a more complex structure that acts much like a full-fledged botnet (group of compromised computers).

Various malware research sources have identified certain versions of DroidKungFu performing other malicious actions, potentially giving remote users access to certain aspects of an Android-powered device. The behavior of DroidKungFu is much like a botnet and could very well continue to evolve, which is why Android users must use caution when clicking on links or downloading new apps. In any case, do not click on a link, even if it is a shortened URL, unless you are 100% certain it is from a trusted source. Malware creators are starting to make use of malicious URL shorteners instead of the typical 'TinyURL' or 'Bit.ly' services. Identifying the source of a shortened URL is almost impossible, especially when viewing it on an Android-powered device (smartphone).

Have you ever run across malware on your Android device? If so, were you able to remove it?
