ANDROIDOS_SHUAME.HRXA
October 16, 2015
Threat Subtype: Rooting Tool
Platform: Android
Threat Type: Rootkit
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This rootkit takes advantage of known vulnerabilities in Android and the Linux kernel, listed under Other Details.
TECHNICAL DETAILS
Download Routine
After successfully exploiting one of these vulnerabilities, this malware connects to the following URL, possibly to download other malicious files:
- http://adservice.{BLOCKED}app.com/root/getAdList.json
Other Details
This rootkit takes advantage of the following vulnerabilities:
- Memory Corruption in QSEECOM Driver (CVE-2014-4322)
- Android API Function Address Validation Vulnerability (CVE-2013-6282)
- Linux Kernel Futex Local Privilege Escalation (CVE-2014-3153)
- Android <5.0 Privilege Escalation using ObjectInputStream (CVE-2014-7911)
- Linux Kernel Ping_Unhash Function Vulnerability (CVE-2015-3636)
SOLUTION
Minimum Scan Engine: 9.750
Trend Micro Mobile Security Solution
Trend Micro Mobile Security Personal Edition protects Android and iOS smartphones and tablets from malicious and Trojanized applications. It blocks access to malicious websites, increases device performance, and protects your mobile data. You may download the Trend Micro Mobile Security apps from the following sites: