In the past few days, developers on the XDA-Developers forum have discovered a new root exploit for recent Samsung phones. Normally a root exploit is a good thing for advanced users; they can modify their OS to improve performance, install new and rare apps, or even patch bugs. On the other hand, novice and uninformed users can have their phones targeted by attackers looking to reduce security and steal money or personal data. Malware writers have previously taken exploits written by the legitimate rooting community and repackaged them along with their malware to gain absolute control of a victim’s device.
XDA-Developers member alephzain discovered the vulnerability and created an exploit. A second forum member, Chainfire, packaged the exploit into an app that installed the exploit and rooted vulnerable phones. The app was later modified to disable the vulnerability to prevent an attacker from entering your phone.
[...]
Already exploited? Not maliciouslyWith such an open vulnerability in the wild, one might think that malware authors would be rushing to weaponize the exploit. Fortunately only Chainfire has done so, with this mobile rooting app. Currently knowledgeable phone “modders” can download and install this app to root their phones. And so can attackers, intent on stealing your personal data or money.
To protect against the latter situation, we detect the most recent versions of Chainfire’s tool as Android/ExynosToor.A-B, and alephzain’s exploit as Exploit/ExymemBrk.A.
