Trojan:AndroidOS/DroidKrungFu.A is a trojan that affects devices running the Android operating system, such as mobile phones. It steals information about the affected device, which it then sends to a specific server. It gains access to the device using the vulnerability described in CVE-2009-1185.
Threat behavior
Installation
Trojan:AndroidOS/DroidKrungFu.A may arrive in the device disguised as a legitimate application. It contains exploit code for the vulnerability described in CVE-2009-1185 that it saves as the following:
ratc
gjsvro
Payload
Steals information
Trojan:AndroidOS/DroidKrungFu.A steals the following information about the device:
IMEI
Operating system type
Operating system APIs
Mobile device model
Mobile device number
SDK version
Internet service provider
SD card memory contents
It then sends the stolen information to the following remote server:
search.gongfu-android.com:8511
Performs certain actions
Trojan:AndroidOS/DroidKrungFu.A connects to the server at "search.gongfu-android.com:8511" to receive instructions to perform the following actions:
Open the browser to a specific page
Download other malware into "/system/app/com.google.ssearch.apk"
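Detection
The indicators listed above can be checked against a device file listing and network logs. The following is an added example, not code from this page or from Microsoft; the function name scan, the input formats, and the sample paths and log lines are assumptions constructed for illustration.

```python
import posixpath
import re

# Indicators taken from the description above.
C2_HOST = "search.gongfu-android.com"
C2_PORT = 8511
EXPLOIT_FILES = {"ratc", "gjsvro"}
DROPPED_APK = "/system/app/com.google.ssearch.apk"

# The hostname must stand alone: no extra label characters before or after it,
# so "xsearch.gongfu-android.com" and "...com.example.org" do not match.
_HOST_RE = re.compile(
    r"(?<![\w.-])" + re.escape(C2_HOST) + r"\.?(?::(\d+))?(?![\w.-])",
    re.IGNORECASE,
)

# Constructed sample input (hypothetical package name and log format).
SAMPLE_PATHS = [
    "/system/app/Browser.apk",
    "/system/app/com.google.ssearch.apk",
    "/data/data/com.example.game/ratc",
    "/data/data/com.example.game/gjsvro",
    "/sdcard/ratchet.txt",  # benign: only the exact file name counts
]
SAMPLE_LOG = [
    "10:01:02 CONNECT SEARCH.gongfu-android.com:8511",
    "10:01:05 query search.gongfu-android.com. A",
    "10:01:09 query search.gongfu-android.com.example.org A",  # other domain
]

def scan(paths, log_lines):
    """Return (kind, evidence) tuples for every indicator hit."""
    findings = []
    for raw in paths:
        path = posixpath.normpath(raw.strip())
        if path == DROPPED_APK:
            findings.append(("dropped-apk", path))
        elif posixpath.basename(path) in EXPLOIT_FILES:
            findings.append(("exploit-file", path))
    for line in log_lines:
        m = _HOST_RE.search(line)
        if m:
            kind = "c2-host-port" if m.group(1) == str(C2_PORT) else "c2-host"
            findings.append((kind, line.strip()))
    return findings

if __name__ == "__main__":
    for kind, evidence in scan(SAMPLE_PATHS, SAMPLE_LOG):
        print(f"{kind}: {evidence}")
```

A file-name hit on ratc or gjsvro alone is weak evidence; weigh it together with the dropped APK path or traffic to the server.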