EXPL_LOTOOR.EX
October 09, 2012
ALIASES: Exploit.Linux.Lotoor.au (Kaspersky)
PLATFORM: Linux
OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:
Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Trojan may arrive bundled with malware packages as a malware component. It may be dropped by other malware.
TECHNICAL DETAILS
File Size: Varies
File Type: ELF
Initial Samples Received Date: 07 Jun 2012
Arrival Details
This Trojan may arrive bundled with malware packages as a malware component.
It may be dropped by other malware.
NOTES:
This Trojan copies /data/data/com.unstableapps.easyroot/files/su to /system/bin/su and /data/data/com.unstableapps/easyroot/files/Superuser.apk to /system/app/Superuser.apk. It sets the permissions of /system/bin/su to 04775 and /system/app/Superuser.apk to 04744.
It drops the following files:
- {malware path}/loading
- {malware path}/hotplug
It creates the symbolic link {malware path}/data pointing to /proc/sys/kernel/hotplug.
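
The file modes and dropped artifacts listed in the NOTES above can be checked on a mounted copy of a device filesystem. The following is an added example, not part of the original entry or vendor tooling; the function name and the image_root and candidate_dir parameters are hypothetical, and candidate_dir stands in for {malware path}.

```python
import os
import stat

# Indicators taken from the NOTES section of this entry.
EXPECTED_MODES = {
    "system/bin/su": 0o4775,             # leading 4 = setuid bit
    "system/app/Superuser.apk": 0o4744,
}
DROPPED_FILES = ("loading", "hotplug")
LINK_NAME = "data"
LINK_TARGET = "/proc/sys/kernel/hotplug"


def check_lotoor_artifacts(image_root, candidate_dir):
    """Return a list of findings for a mounted filesystem copy.

    image_root    -- hypothetical mount point of the Android filesystem copy
    candidate_dir -- hypothetical directory to test as {malware path}
    """
    findings = []
    for rel, mode in EXPECTED_MODES.items():
        path = os.path.join(image_root, rel)
        try:
            st = os.lstat(path)          # lstat: do not follow symlinks
        except OSError:
            continue                     # file absent: nothing to report
        if not stat.S_ISREG(st.st_mode):
            continue
        actual = stat.S_IMODE(st.st_mode)
        if actual == mode:
            findings.append(f"{rel}: mode {actual:05o} matches entry")
        elif actual & stat.S_ISUID:
            # Different mode, but setuid is still worth surfacing.
            findings.append(f"{rel}: setuid set, mode {actual:05o}")
    for name in DROPPED_FILES:
        if os.path.isfile(os.path.join(candidate_dir, name)):
            findings.append(f"dropped file present: {name}")
    link = os.path.join(candidate_dir, LINK_NAME)
    # Read the link text only; the target is a live kernel tunable
    # on the analysis host and must not be opened through the link.
    if os.path.islink(link) and os.readlink(link) == LINK_TARGET:
        findings.append(f"symlink {LINK_NAME} -> {LINK_TARGET}")
    return findings
```

A setuid su binary is also present on devices their owners rooted deliberately, so the mode findings carry more weight when the dropped files and the symbolic link are found alongside them.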