Analysis by: Ju Zhu


Rooting Tool




  • Threat Type: Backdoor

  • Destructiveness: Yes

  • Encrypted:

  • In the wild: Yes


This is the Trend Micro detection for Android applications that can be used to root Android devices.


File Size: 4,787,988 bytes
File Type: APK
Memory Resident: Yes
Initial Samples Received Date: 05 Jan 2016
Payload: Compromises system security

Mobile Malware Routine

This is the Trend Micro detection for Android applications that can be used to root Android devices. Rooting enables the user to have elevated rights and permissions to access the Android subsystem.


This is the Trend Micro detection for apps containing backdoor capabilities that abuse an old flaw (CVE-2014-7911) in Android versions before Lollipop 5.0 (Cupcake 1.5 to Kitkat 4.4W.2).

Attackers lure users of smart televisions to specific websites and get them to install these apps infected with malware. Once these are installed, it triggers the vulnerability leading to elevated privileges in the system.

With elevated permissions, the attacker then installs others apps or malware onto the system without the user’s consent. Our analysis revealed that they remotely update apps or remotely push related apps to the television sets.

However, note that these remotely installed apps are only downloaded via HTTP and not HTTPS. As a result, a second attacker capable of carrying out man-in-the-middle attacks could change the downloaded apps, in effect overriding the payload of the first attacker.


Minimum Scan Engine: 9.800

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android and iOS smartphones and tablets from malicious and Trojanized applications. It blocks access to malicious websites, increase device performance, and protects your mobile data. You may download the Trend Micro Mobile Security apps from the following sites:

Did this description help? Tell us how we did.