Analysis by: Christopher Daniel So

ALIASES:

Exploit.Linux.Lotoor.au (Kaspersky)

 PLATFORM:

Linux

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This Trojan may arrive bundled with malware packages as a malware component. It may be dropped by other malware.

  TECHNICAL DETAILS

File size: Varies
File type: ELF
Initial samples received date: 07 Jun 2012

Arrival Details

This Trojan may arrive bundled with malware packages as a malware component.

It may be dropped by other malware.

NOTES:

This Trojan copies /data/data/com.unstableapps.easyroot/files/su to /system/bin/su and /data/data/com.unstableapps/easyroot/files/Superuser.apk to /system/app/Superuser.apk. It sets the permissions of /system/bin/su to 04775 and /system/app/Superuser.apk to 04744.

It drops the following files:

  • {malware path}/loading
  • {malware path}/hotplug

It creates the symbolic link {malware path}/data pointing to /proc/sys/kernel/hotplug.
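
The artifacts listed in the notes above can be checked for on an extracted or mounted copy of a device's filesystem. The following triage script is an added example, not part of the original analysis; the function name `scan`, the finding labels, and the assumption that the image is available under a local root directory are all hypothetical.

```python
import os
import stat

# Destination paths and modes as stated in the NOTES section above.
EXPECTED_MODES = {
    "system/bin/su": 0o4775,
    "system/app/Superuser.apk": 0o4744,
}
HOTPLUG_TARGET = "/proc/sys/kernel/hotplug"
DROPPED_NAMES = {"loading", "hotplug"}


def scan(root):
    """Return sorted (label, relative path) findings for an extracted filesystem tree."""
    findings = []
    for rel, mode in EXPECTED_MODES.items():
        try:
            st = os.lstat(os.path.join(root, rel))
        except OSError:
            continue  # file absent from this image
        # Flag only a regular file carrying exactly the reported permission bits.
        if stat.S_ISREG(st.st_mode) and stat.S_IMODE(st.st_mode) == mode:
            findings.append(("mode-match", rel))
    for dirpath, dirnames, filenames in os.walk(root):
        names = set(dirnames) | set(filenames)
        for name in sorted(names):
            full = os.path.join(dirpath, name)
            # The link itself is inspected; it is never followed.
            if os.path.islink(full) and os.readlink(full) == HOTPLUG_TARGET:
                findings.append(("hotplug-symlink", os.path.relpath(full, root)))
                # The dropped files sit in the same directory as the link.
                for sibling in sorted(DROPPED_NAMES & names):
                    findings.append(("dropped-beside-symlink",
                                     os.path.relpath(os.path.join(dirpath, sibling), root)))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for label, path in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{label}\t{path}")
```

A mode match on its own only shows that a setuid `su` with those permission bits is present; the symlink to the kernel hotplug handler with `loading` and `hotplug` beside it is the more specific indicator.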