This is the detection for the Android malware that exploits local privilege escalation vulnerability in Android devices (CVE-2014-3153). During our monitoring of Hacking Team dump, our researchers spotted a fake news application that has capability to circumvent the filtering of Google Play.
To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram shown below.
This backdoor app uses the news site name BeNews to appear legitimate. It can affect, but is not limited to, Android versions starting from 2.2 Froyo to 4.4.4 KitKat.
This backdoor is used to load and execute a file. It takes advantage of certain vulnerabilities.
This is the Trend Micro detection for Android applications that can be used to root Android devices.
Memory Resident: Yes
Payload: Compromises system security
This backdoor is used to load and execute the following file:
Download from their server
It takes advantage of the following vulnerabilities:
Mobile Malware Routine
This is the Trend Micro detection for Android applications that can be used to root Android devices. Rooting enables the user to have elevated rights and permissions to access the Android subsystem.
This malicious app exploits CVE-2014-3153 local privilege escalation vulnerability in Android devices.
Minimum Scan Engine: 9.750
Trend Micro Mobile Security Solution
Trend Micro Mobile Security Personal Edition protects Android and iOS smartphones and tablets from malicious and Trojanized applications. It blocks access to malicious websites, increase device performance, and protects your mobile data. You may download the Trend Micro Mobile Security apps from the following sites: