DroidKungfu.A

AppRisk Coverage: Yes
Type: Exploit
OWASP: M4: Unintended Data Leakage
Aliases:

• Trojan: Android/DroidKungFu.A
• Backdoor.AndroidOS.KungFu
• Android/DroidFu
• Trojan:AndroidOS/DroidKrungFu.A
• Andr/KongFu-A
• AndroidOS_DROIDKUNGFU

Platform: Android
File size (bytes): N/A
Filename: com.aijiaoyou.android.sipphone
App title: N/A
MD5 Hash: N/A
SHA1 hash: N/A
Affected CVE:

• CVE-2009-1185

Details or analysis:

This is exploit code that takes advantage of CVE-2009-1185 in order to root an affected device. Once rooted, the exploit code responds to instructions from an attacker that include performing any of the following actions:

• Capture SMS or MMS text messages
• Send captured text messages
• Locate the device using GPS
• Identify device state
• Collect device information including OS version, IMEI, contents of SD card, and internal memory

The exploit code sends gathered and sends details, using HTTP port 8511, to the following addresses as a string of information in hexadecimal format:

• search.gongfu-android.com
• search.zi18.com
• search.zs169.com

Reference:

• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1185
• http://www.csc.ncsu.edu/faculty/jiang/DroidKungFu.html