A few days ago, Xuxian Jiang, Assistant Professor in the Department of Computer Science at NC State University, and his team of researchers discovered a new type of Android malware that uses a root exploit called Ginger Break, the latest one, discovered only in April of this year. The exploit is contained within a regular application, which helps it attract victims. Once installed, it silently runs a service in the background that collects and saves information about the device and then uploads it to a remote server. It also registers itself as a 'receiver' so that it is notified when the device finishes booting.
The actual exploit is packaged as an image file named gbfm.png. Gbfm is an acronym of Ginger Break For Me, and the png suffix makes the file look less suspicious. Once the exploit is launched, it gains root privileges and then installs a root shell into the system partition for later use. Once this is done, the malware can silently download any application from a remote server and install it via the pm install command in the root shell.
The researchers said: "Due to the fact that GingerMaster contains the most recent root exploit, we consider it poses one of the most serious threats to mobile users. For mitigation, please follow common-sense guidelines for smartphone security."
One day after this research was completed, the first case of Ginger Break was detected. This just shows how serious the threat to mobile devices now is, so please take care when installing applications and be wary of the permissions they utilise.
If you have not already, I recommend you install one of these Android security applications; we made a list to make it easy for you.