Hackers Get Lazy, Build Trojan On Top of Android Rooting Utility (softpedia.com)
An anonymous reader writes: Instead of creating their own exploits, some lazy Chinese hackers took the Root Assistant Android rooting toolkit and remodeled it into a trojan, which they packed inside copies of legitimate apps (distributed via unofficial app stores). Until now, only seven apps were repackaged, and only 600 users infected. A weird thing: there's an XML file in the trojan that prevents it from infecting Chinese users.
If you are a Chinese hacker. (Score:3)
If you hack systems in china, it is much easier to prosecute. (I would assume)
Re: If you are a chinese hacker. (Score:1)
For those of us who don't know what you mean, what do you mean? Is that a common bullet size or something? Since bullets typically move, wouldn't they hemorrhage a much larger volume? Why did you give only two dimensions? Was one of them a radius?
Re: If you are a chinese hacker. (Score:1)
Since no one seems interested in your apparently serious question, I'll pipe in... Yes, the 7.62x39 is a common (some will argue the most common) ammunition designator for the cartridge used by Soviet Bloc weapons, to include the AK-47, SKS and many other variants worldwide. The 7.62 (mm) is the diameter of the bullet (actual projectile portion of the cartridge) and the 39 (mm) is the length of the cartridge case. Many people will refer to a 7.62mm cartridge as a "30 caliber" because the bullet has a diamet
Re: (Score:3)
Actually, as of 1974 the USSR (and later Russia) has been replacing its 7.62x39 weapons and ammo with 5.45x39mm weapons and ammo (e.g. the AK-74). More at https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:3)
If you hack systems in china, it is much easier to prosecute. (I would assume)
Other possible motivations:
The malware developers don't want to become infected by their own malware, so they make it avoid some aspect of their configuration. (Language selection is an easy one to pick, if the target set is not in your language group anyhow.)
The malware developers may be trying to confine the malware to particular target sets, and avoiding certain countries, languages, etc. is a first, coarse, sieve.
Re: (Score:1)
If you hack systems in china, it is much easier to prosecute. (I would assume)
Not necessarily, I think that XML file is a strong indication that it is not Chinese hackers, but instead the Chinese military.
Re: (Score:3)
Not the first time we've seen something like this: an early version of Conficker would detect Ukrainian computers and wouldn't infect them. [wikipedia.org]
Not weird at all. (Score:1)
Many trojans/worms/etc have an inbuilt list of friendlies (languages), that they won't infect. For example, take a look at Cryptolocker 3/4 untouchables: Belarus, Ukraine, Russia, Kazakhstan, Armenia, Serbia, Iran.
Source: http://slashdot.org/comments.pl?sid=8429047&cid=51052519 - Page 26
And this is why... (Score:2)
I root my devices manually.
I'd rather unlock the bootloader myself (Nexus/OnePlus) and install the su binary I downloaded directly from ChainFire than run some utility written by someone whose reputation I don't know. I also download the su binary directly - not off of a fileshare or forum post. I don't take any chances when I'm gaining root to a machine.
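The practical check behind the practice described above is to compare the downloaded binary's digest against one obtained out of band (for example from the publisher's own HTTPS page) before pushing it to the device. The script below is an added example and is not the commenter's code or anything shipped with Chainfire's releases; the file name and hash values it uses are constructed for the demo, and it assumes `sha256sum` or `shasum` is on the PATH.

```shell
#!/bin/sh
# Added example: verify a downloaded file's SHA-256 against a digest obtained
# from a separate, trusted channel before using it. The demo file and hashes
# below are constructed; they are not real release artifacts or release hashes.

# sha256_of FILE -> prints the hex digest of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1     # macOS / BSD fallback
    fi
}

# verify_sha256 FILE EXPECTED_HEX -> exit status 0 only if the digest matches
verify_sha256() {
    file="$1"
    expected="$2"
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    # Lower-case the expected value so a hash copied with capitals still compares.
    expected=$(printf '%s' "$expected" | tr 'A-Z' 'a-z')
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "HASH MISMATCH for $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# Demo on a constructed file so the script runs without any download or device.
demo_dir=$(mktemp -d)
printf 'not a real su binary\n' > "$demo_dir/su"
good=$(sha256_of "$demo_dir/su")   # stands in for the digest published by the vendor
bad="0000000000000000000000000000000000000000000000000000000000000000"

verify_sha256 "$demo_dir/su" "$good" && echo "ok: digest matches, safe to push with adb"
verify_sha256 "$demo_dir/su" "$bad" || echo "refusing to flash: file does not match published digest"
```

A digest only helps when it comes from somewhere the file's mirror cannot tamper with; a hash posted beside the download on the same forum or file share proves nothing. Where the publisher also signs the release, checking that signature is the stronger test.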
Re: (Score:2)
The unlocked bootloader method will wipe your device, and a lot of people don't already have good backup software installed.
Re: (Score:2)
The unlocked bootloader method will wipe your device, and a lot of people don't already have good backup software installed.
If you're unlocking your bootloader as part of the process to get root, you can't reasonably do a proper backup anyway... so just let Google back up your phone, and then do the install. Anyone paranoid enough to think Google will sell out all their secret plans to rule the world isn't keeping them on their phone, so who cares about the privacy implications anyway?
Re: (Score:2)
so just let Google back up your phone
Wouldn't this likely cause you to run out of space on your Google drive?
Re: (Score:3)
Wouldn't this likely cause you to run out of space on your Google drive?
Not if you've had the foresight to buy a phone with a card slot, and saved your music etc. there. The apps don't get backed up, they just get reinstalled. Anything the user has sideloaded can be sideloaded again later; anything the user has installed from the Play store will be reinstalled.
I've used the tactic successfully, but then, I've got card slots. So perhaps this technique is not for everyone.
Can we please stop calling them 'Trojans'? (Score:5, Informative)
The term is Trojan Horse.
I'd like to be able to discuss security without thinking of condoms, thanks very much!
Re: (Score:2)
We will not stop calling them "Trojans". So basically, you're fucked.
/KnowWhatIMeanNudgeNudgeWinkWinkSayNoMore
Re:Can we please stop calling them 'Trojans'? (Score:4)
The term is Trojan Horse.
No, the term is trojan. We're not talking about a horse, and the term in this context was coined by nerds, so it was kept simple. Trojan. Done.
FWIW, "A trojan" by default would refer to a resident of Troy, not a condom. The term for that is "Trojan condom"
Re: (Score:1)
You mistake the famous historical story for proper definitions. The occupants of Troy were Trojans. This is separate from the horse. The computer security term was coined from Trojan horses; however, it was shortened to make communication easier and faster, to Trojan. Thus, both of you are correct, as were it not for an oddity of slang, it would make no sense to call it a Trojan; however, the term in common use is in fact exactly that.
Re: (Score:1)
The problem there is that we are the trojans... whereas the software under discussion is the horse. When you get simple things like that wrong, it shows that you don't know what you are saying, and when you don't know what you are saying, that shows you don't know what's going on.
Just good software-engineering practice (Score:5, Interesting)
Do not re-invent the wheel, re-use what is already there. What we are seeing here is a transition from the "genius" hacker (in reality often not even reasonably smart, but very persistent and focused) to normal engineers (engineers without morals to be sure, but history is full of them). The thing that allows this transition is the abysmally bad state of software and device security, which seems to be getting worse, not better.
Drivers here are classical greed and stupidity, and fascist fantasies of being able to snoop on everybody anywhere, anytime. There are only two outcomes: Security gets fixed (which is a major, major undertaking and requires a cultural change) or we will see a rather drastic end of the advantages of the information age for most people with just a few small elites still profiting.
Re: Why is Slashdot so Anti-Chinese, so biased? (Score:1)
600 people learned now? (Score:1)
Anything non-mainstream, you should do your research before you install. Everybody reading here surely knows about the xda-developers forums etc.
And it is not news that you can install [any code] and run it if you mean to.
Re: (Score:2)
I'd wager that fewer than 6 learned anything specific and long-term from this. Out of those 600 infected devices, I bet they're owned by people who will have infections again in the near future because they failed to change their practices. Were there a way to prove this, I'd be willing to place money on it.
Lazy?? (Score:2)