Stay away from VideoCharm Android app, Bitdefender advises

May 11, 2016 17:15 GMT
Android Matrix Trojan delivered via adult-themed apps from third-party stores

Security researchers from Bitdefender are reporting on an older Android malware that has changed tactics and is now delivering apps packed with exploits that can root Android devices.

Named Android Matrix Trojan, the malware has been around for some time and was spotted before in previous attacks, according to Bitdefender's Liviu Arsene.

In the most recent wave of infections, crooks are bundling the trojan with an app called VideoCharm, distributed via third-party stores.

App delivers annoying PUA installation popups

The app promises to provide easy access to adult videos, but security experts say that the app pesters users with popups, asking them to install other apps.

The app is not an empty shell and has a built-in feature that delivers the promised adult videos from online servers, so users are most likely to put up with the app's spammy behavior.

The first time a user opens it, the trojan downloads four ZIP files to the user's device. It then decompresses the four ZIP files, which contain various Android rooting exploits.

Rooting exploits target three different Android versions

Bitdefender says it found exploits for CVE-2015-3636 and CVE-2015-1805, used to gain admin privileges on the infected smartphones. Another exploit targets solely Huawei devices. The exploits are effective against Android Lollipop, Jelly Bean and KitKat.

If the exploits succeed, the trojan holds these permissions and controls the phone. Bitdefender claims that the app also creates a log file named "root_trace", where the results of all the rooting attempts are stored in detail.
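A triage sketch for the two artifacts described above (the downloaded ZIP archives holding exploits and the "root_trace" log), added here as an example and not taken from Bitdefender or the original article. It assumes the device's storage has already been copied to a local directory, and that the exploit payloads are native ELF binaries, which the article does not state.

```python
import os
import zipfile

ELF_MAGIC = b"\x7fELF"      # assumption: exploit payloads are native ELF files
TRACE_NAME = "root_trace"   # log file name reported in the article


def zip_native_members(path):
    """Return names of ZIP members whose content starts with the ELF magic."""
    hits = []
    try:
        with zipfile.ZipFile(path) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                with zf.open(info) as fh:
                    if fh.read(4) == ELF_MAGIC:
                        hits.append(info.filename)
    except (zipfile.BadZipFile, OSError, RuntimeError):
        pass  # truncated, unreadable or encrypted archive: skip, do not crash
    return hits


def triage(root):
    """Walk an extracted file tree and collect both indicator types."""
    findings = {"trace_logs": [], "zips_with_elf": {}}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name == TRACE_NAME:
                findings["trace_logs"].append(full)
            elif zipfile.is_zipfile(full):
                members = zip_native_members(full)
                if members:
                    findings["zips_with_elf"][full] = members
    return findings


if __name__ == "__main__":
    import sys
    result = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for p in result["trace_logs"]:
        print("root_trace log:", p)
    for p, members in result["zips_with_elf"].items():
        print("ZIP with native code:", p, members)
```

Legitimate APKs are ZIP archives and often bundle native libraries, so archive hits are leads for review; a "root_trace" file found alongside them is the stronger signal.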

"We all know that malware is constantly evolving – may it be for Android or PC – and this latest variation of the Android Matrix Trojan proves just that," Arsene explained. "Sideloading apps from third party marketplaces brings forward security risks that could compromise your personal and private data."