Trojan.AndroidOS.STAGEFRIGHTEXP.GCL

 Analysis by: Earl Jewel Valiente

 ALIASES:

Exploit.AndroidOS.Stagefright.a (KASPERSKY), Exploit:AndroidOS/StageFright (MICROSOFT)

 PLATFORM:

Android

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Exploit

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  TECHNICAL DETAILS

File Size:

29,984 bytes

File Type:

MP4

Memory Resident:

No

Initial Samples Received Date:

03 Apr 2024

Payload:

Collects system information, Sends messages

Installation

This Exploit takes advantage of the following vulnerability/vulnerabilities to elevate privileges:

  • CVE-2015-1538: Integer overflow in libstagefright parsing crafted MP4 video
  • CVE-2015-1539: Buffer overflow in libstagefright parsing crafted MP4 video
  • CVE-2015-3824: Buffer overflow in libstagefright parsing crafted MP3 audio
  • CVE-2015-3826: Buffer overflow in libstagefright parsing crafted MP3 audio
  • CVE-2015-3827: Buffer overflow in libstagefright parsing crafted MP3 audio
  • CVE-2015-3828: Buffer overflow in libstagefright parsing crafted MP3 audio
  • CVE-2015-3829: Buffer overflow in libstagefright parsing crafted MP3 audio
  • CVE-2015-3864: Buffer overflow in libstagefright parsing crafted MP4 video
  • CVE-2015-6602: Buffer overflow in libstagefright parsing crafted MP4 video
  • CVE-2015-6608: Buffer overflow in libstagefright parsing crafted MP4 video

Other Details

This Exploit does the following:

  • Taking control of the device remotely
  • Installing malware or spyware
  • Collection of sensitive information stored on the device
  • Recording audio or video
  • Sending premium-rate SMS messages

  SOLUTION

Minimum Scan Engine:

9.800

FIRST VSAPI PATTERN FILE:

18.844.03

FIRST VSAPI PATTERN DATE:

27 Nov 2023

VSAPI OPR PATTERN File:

18.845.00

VSAPI OPR PATTERN Date:

28 Nov 2023

TMMS Pattern File:

2.307.029

TMMS Pattern Date:

22 Feb 2022

Step 1

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android and iOS smartphones and tablets from malicious and Trojanized applications. It blocks access to malicious websites, increase device performance, and protects your mobile data. You may download the Trend Micro Mobile Security apps from the following sites:

Step 2

Download and apply these security patches Refrain from using these products until the appropriate patches have been installed. Trend Micro advises users to download critical patches upon release by vendors.

Step 3

Scan your computer with your Trend Micro product to delete files detected as Trojan.AndroidOS.STAGEFRIGHTEXP.GCL. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check the following Trend Micro Support pages for more information:


Did this description help? Tell us how we did.