F-Secure researchers are investigating newish malware targeting Android phones — Trojan Downloader: Android/DroidKungFu.E and Trojan: Android/DroidKungFu.C.

There are currently two write-ups on this in the F-Secure blog, which describes it as an interesting threat using a novel “infection vector.”

Let’s start at the beginning. Yesterday, in a post called “These aren’t the Droid updates you’re looking for,” the lab offered the following quick analysis:

What we can currently tell you is that the original application (downloaded from a third-party market) is free of malicious code. Once installed, the application immediately informs the users that an update is available — and that “update” — installs a variant of Trojan:Android/DroidKungFu.

There’s still some question as to whether the original application developer actually intends for their application to be used as a DroidKungFu downloader. Possibly, the developer’s back end has been compromised.

Today, they posted a much deeper analysis with a variety of screen shots. Here’s some of what they had to say in the update:

The application we’ve been analyzing is called com.ps.keepaccount, and a quick check into its content reveals a couple of findings. The original application (SHA-1: 5e2fb0bef9048f56e461c746b6a644762f0b0b54) shows no trace of DroidKungFu at first glimpse. Once installed, the application would inform the user that an update is available; when the user installs this update, the updated application would then contain extra functionalities, similar to that found in DroidKungFu malware. Compared to the original version, the updated application requested two additional permissions that would allow it to access SMS and MMS messages, and the device’s location.

While a difference in permissions may not be the best way to identify whether an update is malicious, it is still a good practice to be aware and suspicious if an application update is requesting different permissions.

More importantly, the updated application uses an exploit to gain root privilege, which would enable it to perform more potentially unwanted actions.

The language is exactly the kind I wrote about over and over again five-plus years ago. The big difference today is that this stuff almost always seems to be targeting smartphones. Back then, everything targeted the desktops and I was talking to F-Secure Chief Research Officer Mikko Hypponen about mobile phone malware as some distant years-away concept. The future has truly arrived.

–Bill Brenner
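The permission comparison F-Secure describes, checking what an update requests against the version already installed, can be scripted as a first-pass review step. This is an added example, not code from F-Secure or from the original post; it assumes both manifests have already been decoded to text XML, and the sample manifests, the package name and the specific permissions in them are constructed (the post does not name the exact permissions).

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PERMISSION_TAGS = ("uses-permission", "uses-permission-sdk-23")

# Permission groups worth a second look when they first appear in an update.
SENSITIVE = {
    "sms/mms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
                "android.permission.SEND_SMS", "android.permission.RECEIVE_MMS"},
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
}

def permissions(manifest_xml):
    """Return the set of permission names requested in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for tag in PERMISSION_TAGS:
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                found.add(name)
    return found

def review_update(old_xml, new_xml):
    """Diff two versions: permissions added, removed, and sensitive groups hit."""
    old, new = permissions(old_xml), permissions(new_xml)
    added = new - old
    flagged = sorted(group for group, names in SENSITIVE.items() if added & names)
    return {"added": sorted(added), "removed": sorted(old - new), "flagged": flagged}

# Constructed sample manifests (hypothetical package, not taken from the sample).
def make_manifest(names):
    perms = "".join('<uses-permission android:name="%s"/>' % n for n in names)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="com.example.app">%s</manifest>' % perms)

ORIGINAL = make_manifest(["android.permission.INTERNET"])
UPDATE = make_manifest(["android.permission.INTERNET",
                        "android.permission.READ_SMS",
                        "android.permission.ACCESS_FINE_LOCATION"])

if __name__ == "__main__":
    report = review_update(ORIGINAL, UPDATE)
    print("added:", report["added"])
    print("sensitive groups newly requested:", report["flagged"])
```

A clean result here says nothing about the root exploit the update carries; the diff only surfaces the permission change the analysis calls out.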