How can we help?
Rooting a device is dangerous. Acquiring privileged access to an Android device means the threat actor can sit there in silence and give themselves a range of permissions or install additional malware. Usually, Android malware requires a user to be interacting in some way.
This malware affects Android devices – with a high impact in the U.S in particular.
Lookout Threat Labs found 19 Android applications that presented as utility apps and system tools such as:
– password managers
– money managers
– app launchers
– data saving apps
Seven of these apps comprised of the rooting functionality. One of the apps, called “Lite Launcher”, managed to get onto the Google Play Store, there were 10,000 downloads before it was removed.
According to NIST, the known affected software configurations are Google/Android devices.
Containment, Mitigations & Remediation
Always keep your operating system up-to-date. Whether you are an IT professional or a consumer, mobile devices are an ideal tool for cybercriminals to take advantage of.
This is because there is a huge amount of sensitive data on there. By persistently keeping your operating system up-to-date, your organisation stays protected.
– Download apps from legitimate official stores only
– Keep your system up-to-date
– Be cautious of new/unknown apps
|App title||Package name||SHA-1|
|All Passwords||com.mobilesoft.security.password||311e4c2b1d4b90664c56d8caa0d32035dde68cc6 8716359ca3b4b7ed707e94b280e6e1e4c106035a 0dddea2fc5d4d9e819d3f45b2673347a927e7cef 60b9655d98d9dd697184e9b7d4026ef9ebc0bf05 b3320a3b34fea23f7d402dc451667fb66214fb9f|
|Anti-ads Browser||com.zooitlab.antiadsbrowser||7e4c93c228d63f175b8b7232ab826b97dfbbd6b5 7e263ba23e997ce5f4420f1e7de87305dc5eca6d 84bef7fba1562df4aefcd552fd2b53b47c544427 844e1de8d50cce29285d7a661141f8d93368702b 935c7ee3dd5a0927352fde3cb91a2f1bf69719e3 9caee5c9078cbcdcc2f5dcceb3cc60f8f57b94db|
|Lite Launcher||com.st.launcher.lite||663f9102ce0e7b6d041efc9010a3afa70d8c1aaa 99b7edc2af4e1c8dae3ee6f505ee771218e638fc 96a207e41bdaac5fd5e74298a357f33fe343d93d c7d5b2cac0c9f65d40a7f8ed3f12b891fe21c5ed 0afa18ff39419db788d0d6290f490e66513cf139 d9eae350eb07f7f43e69f3c6c6dddc5d952e9de8 2e074fa0c6de7092181c7b9284aa92c8c732d32a 72b127983d70f79e366a2a1bc0b2d95af9e58d3f 3e3eb8d0dfc57374e689fa7d24a0490be0aab3d1|
|Night Light||com.nightlight.app||8108bcda08173ff6ee82a7b1ea1cd781364493d8 50c98698c1af133a49eb7b2482246519913051ba 44f705ac7f360671ba80232420dac81299c00394 e8e0905f98782027800e6ead9c0c6130d8822dac|
T1476 – Deliver Malicious App via Other Means
The reason for this incident is still unknown.