Hackers Get Lazy, Build Trojan On Top of Android Rooting Utility

An anonymous reader writes: Instead of creating their own exploits, some lazy Chinese hackers took the Root Assistant Android rooting toolkit and remodeled it into a trojan, which they packed inside copies of legitimate apps (distributed via unofficial app stores). Until now, only seven apps were repackaged, and only 600 users infected. A weird thing: there's a XML file in the trojan that prevents it from infecting Chinese users.

If you are a chinese hacker.

[queazocotal]

If you hack systems in china, it is much easier to prosecute. (I would assume)

Re:If you are a chinese hacker.

[Ungrounded+Lightning]

If you hack systems in china, it is much easier to prosecute. (I would assume)

Other possible motivations:

The malware developers don't want to become infected by their own malware, so they make it avoid some aspect of their configuration. (Language selection is an easy one to pick, if the target set is not in your language group anyhow.)

The malware developers may be trying to confine the malware to particular target sets, and avoiding certain countries, languages, etc. is a first, coarse, sieve.

Re:If you are a chinese hacker.

[Wootery]

Not the first time we've seen something like this: an early version of Conficker would detect Ukrainian computers and wouldn't infect them.

Re: If you are a chinese hacker.

[CrankyFool]

Actually, as of 1974 the USSR (and later Russians) have been replacing their 7.62x39 weapons and ammo with 5.45x39mm weapons and ammo (e.g. the AK-74). More at https://en.wikipedia.org/wiki/...

Can we please stop calling them 'Trojans'?

The term is Trojan Horse.

I'd like to be able to discuss security without thinking of condoms, thanks very much!

Re:Can we please stop calling them 'Trojans'?

[drinkypoo]

The term is Trojan Horse.

No, the term is trojan. We're not talking about a horse, and the term in this context was coined my nerds, so it was kept simple. Trojan. Done.

FWIW, "A trojan" by default would refer to a resident of Troy, not a condom. The term for that is "Trojan condom"

Just good software-engineering practice

[gweihir]

Do not re-invent the wheel, re-use what is already there. What we are seeing here is a transition from the "genius" hacker (in reality often not even reasonably smart, but very persistent and focused) to normal engineers (engineers without morals to be sure, but history is full of them). The thing that allows this transition is the abysmally bad state of software and device security, which seems to be getting worse, not better.

Drivers here are classical greed and stupidity, and fascist fantasies of being able to snoop on everybody anywhere, anytime. There are only two outcomes: Security gets fixed (which is a major, major undertaking and requires a cultural change) or we will see a rather drastic end of the advantages of the information age for most people with just a few small elites still profiting.

Re:And this is why...

[drinkypoo]

Wouldn't this likely cause you to run out of space on your Google drive?

Not if you've had the foresight to buy a phone with a card slot, and saved your music etc. there. The apps don't get backed up, they just get reinstalled. Anything the user has sideloaded can be sideloaded again later; anything the user has installed from the Play store will be reinstalled.

I've used the tactic successfully, but then, I've got card slots. So perhaps this technique is not for everyone.