ANDROIDOS_HTBENEWS.A
Rooting Tool
Android
Threat Type: Backdoor
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
Via app stores
This is the detection for the Android malware that exploits local privilege escalation vulnerability in Android devices (CVE-2014-3153). During our monitoring of Hacking Team dump, our researchers spotted a fake news application that has capability to circumvent the filtering of Google Play.
To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram shown below.
This backdoor app uses the news site name BeNews to appear legitimate. It can affect, but is not limited to, Android versions starting from 2.2 Froyo to 4.4.4 KitKat.
This backdoor is used to load and execute a file. It takes advantage of certain vulnerabilities.
This is the Trend Micro detection for Android applications that can be used to root Android devices.
TECHNICAL DETAILS
Yes
Compromises system security
Other Details
This backdoor is used to load and execute the following file:
- Download from their server
It takes advantage of the following vulnerabilities:
- CVE-2014-3153
Mobile Malware Routine
This is the Trend Micro detection for Android applications that can be used to root Android devices. Rooting enables the user to have elevated rights and permissions to access the Android subsystem.
NOTES:
This malicious app exploits CVE-2014-3153 local privilege escalation vulnerability in Android devices.
SOLUTION
9.750
Trend Micro Mobile Security Solution
Trend Micro Mobile Security Personal Edition protects Android and iOS smartphones and tablets from malicious and Trojanized applications. It blocks access to malicious websites, increase device performance, and protects your mobile data. You may download the Trend Micro Mobile Security apps from the following sites:
Did this description help? Tell us how we did.