{"id":11083,"date":"2011-09-15T09:26:31","date_gmt":"2011-09-15T16:26:31","guid":{"rendered":"http:\/\/blogs.mcafee.com\/?p=11083"},"modified":"2025-06-04T03:52:31","modified_gmt":"2025-06-04T10:52:31","slug":"rooting-exploit-for-android","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rooting-exploit-for-android\/","title":{"rendered":"Rooting Exploit for Android Works Silently"},"content":{"rendered":"<p>In our last blog about Android malware, we discussed the expanding threat landscape for Android malware. Recently, we received an Android package in our collection and observed that this malicious application uses a rooting exploit that targets Android devices running OS versions 2.3 or earlier to gain root privileges on the compromised device.<\/p>\n<p>The malware binary is packaged with a legitimate application. In this case, the malicious exploit code comes with \u201cDaily Beauties,&#8221; which showcases pictures of celebrities that are updated periodically. Attackers use this repacking approach to hide their malware within genuine applications, which users will download and install.<\/p>\n<h2>Repacking An Application With Malicious Code<\/h2>\n<p>The following image shows the repacking of a legitimate application with malicious code. 
These repackaged applications are made available in Android black markets and third-party markets.<\/p>\n<p style=\"text-align: left;\" align=\"center\"><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/Looter2.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11086\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/Looter2.jpg\" alt=\"\" width=\"369\" height=\"138\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2011\/09\/Looter2.jpg 369w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2011\/09\/Looter2-300x112.jpg 300w\" sizes=\"auto, (max-width: 369px) 100vw, 369px\" \/><\/a><\/p>\n<p style=\"text-align: left;\" align=\"center\">Figure 1: Repackaged application<\/p>\n<p style=\"text-align: left;\" align=\"center\">This malicious application requires the following user permissions:<\/p>\n<p style=\"text-align: left;\" align=\"center\"><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/Looter5.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11088\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/Looter5.jpg\" alt=\"\" width=\"736\" height=\"310\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2011\/09\/Looter5.jpg 736w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2011\/09\/Looter5-300x126.jpg 300w\" sizes=\"auto, (max-width: 736px) 100vw, 736px\" \/><\/a><\/p>\n<p align=\"center\">Figure 2: User permissions required by the malicious application<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/Looter2.jpg\"><br \/>\n<\/a>From the preceding list of permissions requested by the malicious application, I was curious about two in 
particular.<\/p>\n<ul>\n<li>android.permission.MOUNT_UNMOUNT_FILESYSTEMS<\/li>\n<li>android.permission.WRITE_OWNER_DATA<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p style=\"text-align: left;\" align=\"center\">Why would an application that displays pictures of celebrities require permission to write user data and mount\/unmount file systems?<\/p>\n<p style=\"text-align: left;\" align=\"center\">Upon opening the malicious application we see the names of celebrities, as shown in the below figure. The victims would see the pictures, but they wouldn\u2019t see the malicious service running in the background.<\/p>\n<p style=\"text-align: center;\" align=\"center\"><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/Looter2.jpg\"><br \/>\n<\/a><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/Lotter4.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11096\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/Lotter4.jpg\" alt=\"\" width=\"537\" height=\"377\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2011\/09\/Lotter4.jpg 767w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2011\/09\/Lotter4-300x210.jpg 300w\" sizes=\"auto, (max-width: 537px) 100vw, 537px\" \/><\/a><\/p>\n<p style=\"text-align: center;\" align=\"center\"><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/looter6.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11089\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/looter6.png\" alt=\"\" width=\"266\" height=\"384\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2011\/09\/looter6.png 380w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2011\/09\/looter6-208x300.png 208w\" sizes=\"auto, (max-width: 266px) 100vw, 266px\" \/><\/a><\/p>\n<p style=\"text-align: center;\" align=\"center\">Figure 3: A picture of 
the celebrity showcased by the application<\/p>\n<p style=\"text-align: left;\" align=\"center\">So how does the exploit work? The malicious application has four files bundled along with the legit application. They can be found in the asset folder of the application package. The file names appear in Figure 4:<\/p>\n<p align=\"center\"><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/looter7.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11090\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/looter7.jpg\" alt=\"\" width=\"413\" height=\"86\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2011\/09\/looter7.jpg 413w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2011\/09\/looter7-300x62.jpg 300w\" sizes=\"auto, (max-width: 413px) 100vw, 413px\" \/><\/a><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/looter7.jpg\"><br \/>\n<\/a><\/p>\n<p align=\"center\">Figure 4: Malicious files in the asset folder of the Android application package<\/p>\n<p>The file gbfm.png carries the exploit code; the others are script\/shell files. 
All four masquerade as PNG image files, although they are actually ELF binaries (gbfm.png, runme.png) and shell scripts (install.png, installsoft.png).<\/p>\n<p>When the required services start, the malicious application renames the .png extension to .sh and executes the exploit as a shell script.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/Looter8.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11091\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/Looter8.jpg\" alt=\"\" width=\"843\" height=\"212\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2011\/09\/Looter8.jpg 843w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2011\/09\/Looter8-300x75.jpg 300w\" sizes=\"auto, (max-width: 843px) 100vw, 843px\" \/><\/a><\/p>\n<p align=\"center\">Figure 5: Renaming the .png extension to .sh extension<\/p>\n<p>The malicious application first checks the version of the Android OS and then exploits it:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/Looter9.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11092\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/Looter9.jpg\" alt=\"\" width=\"754\" height=\"327\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2011\/09\/Looter9.jpg 754w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2011\/09\/Looter9-300x130.jpg 300w\" sizes=\"auto, (max-width: 754px) 100vw, 754px\" \/><\/a><\/p>\n<p align=\"center\">Figure 6: Malware checks for the Android OS version and executes the exploit<\/p>\n<p>The malware next checks for the <a href=\"http:\/\/en.wikipedia.org\/wiki\/User_identifier\">Unix user identifier<\/a> of the currently running process and stores it. Then it triggers the exploit (gbfm.sh). 
If the exploit succeeds, the malware gains root privileges on the device.<\/p>\n<p>When the device is successfully rooted, the malware runs the install.sh script, which sets the appropriate file permissions <a href=\"http:\/\/en.wikipedia.org\/wiki\/Chmod\">(chmod 4775)<\/a> on the system partition and copies the shell from \/system\/bin\/sh to \/system\/xbin\/appmaster, a location created by the malicious application. The malware can thus access the shell whenever it wishes, and the system partition is remounted.<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/Looter10.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11093\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/Looter10.jpg\" alt=\"\" width=\"674\" height=\"540\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2011\/09\/Looter10.jpg 674w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2011\/09\/Looter10-300x240.jpg 300w\" sizes=\"auto, (max-width: 674px) 100vw, 674px\" \/><\/a><\/p>\n<p align=\"center\">Figure 7: Setting up the file permissions<\/p>\n<p>After a while, the malware executes the installsoft.sh script, which silently downloads more APK files in the background and installs them by executing the &#8220;pm install&#8221; command in the root shell.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/Looter11.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11094\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/Looter11.jpg\" alt=\"\" width=\"778\" height=\"244\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2011\/09\/Looter11.jpg 778w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2011\/09\/Looter11-300x94.jpg 300w\" sizes=\"auto, (max-width: 778px) 100vw, 778px\" \/><\/a><\/p>\n<p 
align=\"center\">Figure 8: Installing APK files in the background<\/p>\n<p>The malware retrieves the following information from the compromised device and sends that information to a remote site:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/Looter12.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11095\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/Looter12.jpg\" alt=\"\" width=\"473\" height=\"362\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2011\/09\/Looter12.jpg 473w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2011\/09\/Looter12-300x229.jpg 300w\" sizes=\"auto, (max-width: 473px) 100vw, 473px\" \/><\/a><\/p>\n<p align=\"center\">Figure 9: User information retrieved by the malicious file<\/p>\n<p>The exploit will work only when the device has an SD card installed. If not, it will not run. McAfee products detect this malware in our latest DATs as <a href=\"http:\/\/home.mcafee.com\/VirusInfo\/VirusProfile.aspx?key=549589\">Linux\/Exploit-Lotoor<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In our last blog about Android malware, we discussed the expanding threat landscape for Android malware. 
Recently, we received an&#8230;<\/p>\n","protected":false},"author":695,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[37,180],"coauthors":[1477],"class_list":["post-11083","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-android","tag-malware"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Rooting Exploit for Android Works Silently | McAfee Blog<\/title>\n<meta name=\"description\" content=\"In our last blog about Android malware, we discussed the expanding threat landscape for Android malware. Recently, we received an Android package in our\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Rooting Exploit for Android Works Silently | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"In our last blog about Android malware, we discussed the expanding threat landscape for Android malware. 
Recently, we received an Android package in our\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rooting-exploit-for-android\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2011-09-15T16:26:31+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-04T10:52:31+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2011\/09\/Looter2.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"369\" \/>\n\t<meta property=\"og:image:height\" content=\"138\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"McAfee Labs\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee_Labs\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"McAfee Labs\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rooting-exploit-for-android\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rooting-exploit-for-android\/\"},\"author\":{\"name\":\"McAfee Labs\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad\"},\"headline\":\"Rooting Exploit for Android Works Silently\",\"datePublished\":\"2011-09-15T16:26:31+00:00\",\"dateModified\":\"2025-06-04T10:52:31+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rooting-exploit-for-android\/\"},\"wordCount\":594,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rooting-exploit-for-android\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/Looter2.jpg\",\"keywords\":[\"android\",\"malware\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rooting-exploit-for-android\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rooting-exploit-for-android\/\",\"name\":\"Rooting Exploit for Android Works Silently | McAfee 
Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rooting-exploit-for-android\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rooting-exploit-for-android\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/Looter2.jpg\",\"datePublished\":\"2011-09-15T16:26:31+00:00\",\"dateModified\":\"2025-06-04T10:52:31+00:00\",\"description\":\"In our last blog about Android malware, we discussed the expanding threat landscape for Android malware. Recently, we received an Android package in our\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rooting-exploit-for-android\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rooting-exploit-for-android\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rooting-exploit-for-android\/#primaryimage\",\"url\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/Looter2.jpg\",\"contentUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/Looter2.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rooting-exploit-for-android\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Rooting Exploit for Android Works 
Silently\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad\",\"name\":\"McAfee Labs\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/af947d76ffbef8521094b476cf8050c3\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg\",\"caption\":\"McAfee Labs\"},\"description\":\"McAfee Labs is one 
of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. See our blog posts below for more information.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee_Labs\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/mcafee-labs\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Rooting Exploit for Android Works Silently | McAfee Blog","description":"In our last blog about Android malware, we discussed the expanding threat landscape for Android malware. Recently, we received an Android package in our","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Rooting Exploit for Android Works Silently | McAfee Blog","og_description":"In our last blog about Android malware, we discussed the expanding threat landscape for Android malware. Recently, we received an Android package in our","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rooting-exploit-for-android\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_author":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2011-09-15T16:26:31+00:00","article_modified_time":"2025-06-04T10:52:31+00:00","og_image":[{"width":369,"height":138,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2011\/09\/Looter2.jpg","type":"image\/jpeg"}],"author":"McAfee Labs","twitter_card":"summary_large_image","twitter_creator":"@McAfee_Labs","twitter_site":"@McAfee","twitter_misc":{"Written by":"McAfee Labs","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rooting-exploit-for-android\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rooting-exploit-for-android\/"},"author":{"name":"McAfee Labs","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad"},"headline":"Rooting Exploit for Android Works Silently","datePublished":"2011-09-15T16:26:31+00:00","dateModified":"2025-06-04T10:52:31+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rooting-exploit-for-android\/"},"wordCount":594,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rooting-exploit-for-android\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/Looter2.jpg","keywords":["android","malware"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rooting-exploit-for-android\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rooting-exploit-for-android\/","name":"Rooting Exploit for Android Works Silently | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rooting-exploit-for-android\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rooting-exploit-for-android\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/Looter2.jpg","datePublished":"2011-09-15T16:26:31+00:00","dateModified":"2025-06-04T10:52:31+00:00","description":"In our last blog about Android malware, we discussed the expanding threat landscape for Android malware. 
Recently, we received an Android package in our","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rooting-exploit-for-android\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rooting-exploit-for-android\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rooting-exploit-for-android\/#primaryimage","url":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/Looter2.jpg","contentUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/09\/Looter2.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rooting-exploit-for-android\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Rooting Exploit for Android Works Silently"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security 
News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad","name":"McAfee Labs","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/af947d76ffbef8521094b476cf8050c3","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg","caption":"McAfee Labs"},"description":"McAfee Labs is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. 
See our blog posts below for more information.","sameAs":["https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee_Labs"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/mcafee-labs\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/11083","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/695"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=11083"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/11083\/revisions"}],"predecessor-version":[{"id":215096,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/11083\/revisions\/215096"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=11083"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=11083"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=11083"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=11083"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}