Symantec has warned that a recently discovered kernel exploit for the Linux operating system, which allows attackers to gain complete control of infected devices, has been ported to the Android smartphone platform.
The Android malware is capable of bypassing the system's sandboxing capabilities, which are used to prevent programs from performing sensitive systems operations or interfering with other applications installed on the handset, according to Symantec.
Typically, these so-called privilege escalation exploits are used to access data from other applications, prevent users from uninstalling the malware, and make it possible for the attackers to send premium rate text messages from the handset.
“Until a patch is made available for all Android devices affected by this exploit, and to avoid becoming a victim of malicious applications, we recommend that you only use reputable marketplaces for downloading and installing applications,” Symantec researchers wrote on a company blog.
While the exploit was originally conceived for Linux, Android shares much of its source code with the open source operating system, making it easier for attackers to modify the malware for the hugely popular mobile system.
The spiralling volumes of Android malware have blighted the smartphone system's assault on the enterprise, with many IT buyers reluctant to put corporate data at risk. That has persuaded some handset makers, notably Samsung, to develop their own security systems.
Samsung introduced Knox, a security service, in some models of its Galaxy S4 handsets earlier this year, although the Korean giant got itself in tangles over the UK availability of the service.