This threat was first reported by Xuxian Jiang of the University of North Carolina, who detailed the actions carried out by this malicious code and how it exploits a vulnerability detected in April of this year, known as Gingerbreak.
Like most of the malicious code published for this platform, GingerMaster is repackaged within legitimate applications, and users who usually download and install such applications compromise the security of their device. When the malicious code is executed for the first time, it modifies the system so that, when the system finishes starting, a service runs in the background and collects information from both the device and the user. Once the data is collected, it is sent to a remote server.
The exploit is hidden inside the .apk file of the modified application under the name gbfm.png, so that it does not attract attention. Once this code is executed, the threat gains administrator permissions. Besides the exploit hidden as a file with a .png extension, other files with the same extension can also be observed, which are used by this threat:
Full content in original source ESET Latin America
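The disguise described above (executable content shipped inside the .apk under a .png name) can be checked for by comparing each .png entry's leading bytes with the PNG signature. The following is an added example, not code from the original article or from ESET. The sample archive is constructed with harmless placeholder bytes, and the `assets/` path, the `helper.png` name and the ELF header on `gbfm.png` are assumptions made for illustration.

```python
import io
import zipfile

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
# Signatures of executable content that should never sit behind an image extension.
EXEC_MAGICS = {
    b"\x7fELF": "ELF binary",
    b"#!": "script with shebang",
    b"dex\n": "Dalvik bytecode",
    b"PK\x03\x04": "nested ZIP/APK/JAR",
}

def classify(header: bytes) -> str:
    """Classify a file by its first bytes rather than by its extension."""
    if header.startswith(PNG_MAGIC):
        return "png"
    for magic, label in EXEC_MAGICS.items():
        if header.startswith(magic):
            return label
    return "unknown (not a PNG)"

def find_fake_pngs(apk) -> dict:
    """Return {entry name: detected type} for .png entries lacking a PNG signature."""
    findings = {}
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(".png"):
                continue
            with zf.open(info) as fh:
                kind = classify(fh.read(8))
            if kind != "png":
                findings[info.filename] = kind
    return findings

def build_sample_apk() -> io.BytesIO:
    """Constructed test archive: placeholder bytes only, no real payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("res/drawable/icon.png", PNG_MAGIC + b"\x00" * 16)  # genuine image header
        zf.writestr("assets/gbfm.png", b"\x7fELF" + b"\x00" * 16)       # assumed path and format
        zf.writestr("assets/helper.png", b"#!/system/bin/sh\n")         # hypothetical second file
        zf.writestr("classes.dex", b"dex\n035\x00")                     # not a .png, ignored
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name, kind in find_fake_pngs(build_sample_apk()).items():
        print(f"{name}: {kind}")
```

`find_fake_pngs` also accepts a filesystem path to an .apk, so the same check can be run over downloaded packages before installation or during triage.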

