Android China Security

Hackers Get Lazy, Build Trojan On Top of Android Rooting Utility (softpedia.com) 53

An anonymous reader writes: Instead of creating their own exploits, some lazy Chinese hackers took the Root Assistant Android rooting toolkit and remodeled it into a trojan, which they packed inside copies of legitimate apps (distributed via unofficial app stores). Until now, only seven apps were repackaged, and only 600 users infected. A weird thing: there's an XML file in the trojan that prevents it from infecting Chinese users.

  • by queazocotal ( 915608 ) on Sunday December 06, 2015 @11:55AM (#51067725)

    If you hack systems in China, it is much easier to prosecute. (I would assume)

    • Comment removed based on user account deletion
      • by Anonymous Coward

        For those of us who don't know what you mean, what do you mean? Is that a common bullet size or something? Since bullets typically move, wouldn't they hemorrhage a much larger volume? Why did you give only two dimensions? Was one of them a radius?

    • If you hack systems in China, it is much easier to prosecute. (I would assume)

      Other possible motivations:

      The malware developers don't want to become infected by their own malware, so they make it avoid some aspect of their configuration. (Language selection is an easy one to pick, if the target set is not in your language group anyhow.)

      The malware developers may be trying to confine the malware to particular target sets, and avoiding certain countries, languages, etc. is a first, coarse, sieve.

    • by Anonymous Coward

      If you hack systems in China, it is much easier to prosecute. (I would assume)

      Not necessarily, I think that XML file is a strong indication that it is not Chinese hackers, but instead the Chinese military.

    • Not the first time we've seen something like this: an early version of Conficker would detect Ukrainian computers and wouldn't infect them. [wikipedia.org]

  • by Anonymous Coward

    Many trojans/worms/etc have an inbuilt list of friendlies (languages), that they won't infect. For example, take a look at Cryptolocker 3/4 untouchables: Belarus, Ukraine, Russia, Kazakhstan, Armenia, Serbia, Iran.

    Source: http://slashdot.org/comments.pl?sid=8429047&cid=51052519 - Page 26

  • I root my devices manually.

    I'd rather unlock the bootloader myself (Nexus/OnePlus) and install the su binary I downloaded directly from ChainFire than run some utility written by someone whose reputation I don't know. I also download the su binary directly - not off of a fileshare or forum post. I don't take any chances when I'm gaining root to a machine.

    • by tepples ( 727027 )

      The unlocked bootloader method will wipe your device, and a lot of people don't already have good backup software installed.

      • The unlocked bootloader method will wipe your device, and a lot of people don't already have good backup software installed.

        If you're unlocking your bootloader as part of the process to get root, you can't reasonably do a proper backup anyway... so just let Google back up your phone, and then do the install. Anyone paranoid enough to think Google will sell out all their secret plans to rule the world isn't keeping them on their phone, so who cares about the privacy implications anyway?

        • by tepples ( 727027 )

          so just let Google back up your phone

          Wouldn't this likely cause you to run out of space on your Google drive?

          • Wouldn't this likely cause you to run out of space on your Google drive?

            Not if you've had the foresight to buy a phone with a card slot, and saved your music etc. there. The apps don't get backed up, they just get reinstalled. Anything the user has sideloaded can be sideloaded again later; anything the user has installed from the Play store will be reinstalled.

            I've used the tactic successfully, but then, I've got card slots. So perhaps this technique is not for everyone.

  • by Anonymous Coward on Sunday December 06, 2015 @12:06PM (#51067765)

    The term is Trojan Horse.

    I'd like to be able to discuss security without thinking of condoms, thanks very much!

    • We will not stop calling them "Trojans". So basically, you're fucked.

      /KnowWhatIMeanNudgeNudgeWinkWinkSayNoMore

    • The term is Trojan Horse.

      No, the term is trojan. We're not talking about a horse, and the term in this context was coined by nerds, so it was kept simple. Trojan. Done.

      FWIW, "a trojan" by default would refer to a resident of Troy, not a condom. The term for that is "Trojan condom".

      • by Anonymous Coward

        The problem there is that we are the trojans... whereas the software under discussion is the horse. When you get simple things like that wrong, it shows that you don't know what you are saying, and when you don't know what you are saying, that shows you don't know what's going on.

  • by gweihir ( 88907 ) on Sunday December 06, 2015 @12:18PM (#51067833)

    Do not re-invent the wheel, re-use what is already there. What we are seeing here is a transition from the "genius" hacker (in reality often not even reasonably smart, but very persistent and focused) to normal engineers (engineers without morals to be sure, but history is full of them). The thing that allows this transition is the abysmally bad state of software and device security, which seems to be getting worse, not better.

    Drivers here are classical greed and stupidity, and fascist fantasies of being able to snoop on everybody anywhere, anytime. There are only two outcomes: Security gets fixed (which is a major, major undertaking and requires a cultural change) or we will see a rather drastic end of the advantages of the information age for most people with just a few small elites still profiting.

  • by Anonymous Coward

    For anything non-mainstream, you should do your research before you install. Everybody reading here surely knows about the xda-developers forums etc.

    And it is not news that you can install [any code] and run it if you mean to.

    • by KGIII ( 973947 )

      I'd wager that fewer than 6 learned anything specific and long-term from this. Out of those 600 infected devices, I bet they're owned by people who will have infections again in the near future because they failed to change their practices. Were there a way to prove this, I'd be willing to place money on it.

  • They may be bastards exploiting people. But lazy??? WTF! Reusing code that works is the sign of excellent development practices, not laziness.
