arrow_back
search
close

ANDROIDOS_ROOTRAZR.A

June 18, 2013
 Analysis by: Bob Pan
 THREAT SUBTYPE:

Rooting Tool

 PLATFORM:

Android OS

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Hacking Tool

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW


This hacking tool may be manually installed by a user.

  TECHNICAL DETAILS

File Size:

1,283,460 bytes

File Type:

ELF

Memory Resident:

Yes

Initial Samples Received Date:

16 Apr 2003

Arrival Details

This hacking tool may be manually installed by a user.

NOTES:

This malware is part of a tool used for rooting Android devices.

It exploits an Android vulnerability (CVE-2012-6422) to gain root privilege. It then proceeds to install busybox and su to /system/xbin/.


Figure 1. Installing busybox


Figure 2. Installing su

Installation allows other apps on the affected device to gain root privilege by executing /syste/xbin/su.

While this can be used by the user to root their own devices, this can also be exploited by malicious users.

  SOLUTION

Minimum Scan Engine:

9.300

VSAPI OPR PATTERN File:

1.453.0

VSAPI OPR PATTERN Date:

18 Apr 2013

Step 1

Scan your computer with your Trend Micro product to delete files detected as ANDROIDOS_ROOTRAZR.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.

Step 2

Remove unwanted apps on your Android mobile device

[ Learn More ]

Did this description help? Tell us how we did.