As our smartphones become more ubiquitous and more powerful, they need to be protected in much the same way that you would protect your computer. Further to this, a malicious piece of malware has been discovered for devices powered by Android 2.3.3 Gingerbread, giving the hacker the ability to take complete control of the smartphone remotely.
Dubbed GingerMaster, this malware is hidden inside of an infected app. Once you boot that app and the exploit is launched, it gains root privileges, attempting to install a root shell into the system partition. The secret background service sends pertinent data — device ID, phone number, etc. — to a remote server. To make things even sneakier, the actual exploit is inside a seemingly benign file called gbfm.png. It’s just an image file, right? Yeah, not exactly.
As far as we can tell, no “official” applications being offered through Android Market have been affected by GingerMaster, but it’s best to err on the side of caution when it comes to these things. Recognize that your Android smartphone is very much a computer and, as such, is just as vulnerable to attacks as your home PC.