A new modification of Android.Gongfu load software without the user's knowledge

The company "Doctor Web," warned users of Android mobile platform for distributing new versions Android.Gongfu. Hackers embed this Trojan in a variety of programs and games that propagate through the unofficial sites, collections of software. New Android.Gongfu able not only to convey information about the attackers infected the device and run the incoming commands from a remote server, but also download and install other applications without your knowledge. service installed by the Trojan is run automatically without user intervention, and collects data about the device, including the operating system version , phone model, the mobile operator name, IMEI number and phone number of the user. Subsequently, this information is transmitted attackers. In addition, Android.Gongfu can act as a backdoor that can carry produced by the team. Over the past few weeks an updated modification Android.Gongfu Trojan has been identified in several applications, distributed through unofficial sites, collections of software. In particular, it was revealed in a modified distribution of popular game Angry Birds Space.

Unlike the first implementations Android.Gongfu, new versions of the Trojan does not use the vulnerability of Android, which allowed them without user intervention to improve their own privileges in the system to a level root. Instead, complete with an infected application the user is prompted step by step instructions, allowing the OS to run with administrator privileges. The instructions stated that it is supposedly necessary for the correct operation of the program or update it. After running with administrator privileges Android.Gongfu is able to be integrated into system processes Android, including downloading and installing the OS various applications without your knowledge. According to "Dr. Web", all known to date, modification Android.Gongfu successfully detected by Dr . Web for Android Anti-spam and Dr.Web 7.0 for Android Light using technology Origins Tracing. In order to avoid infection by malware company recommends that users download and install applications only from the official site Google Play and do not run on your device any programs that require for their work administrator privileges.