- Home
- Techniques
- Mobile
- Exploit OS Vulnerability
Exploit OS Vulnerability
A malicious app can exploit unpatched vulnerabilities in the operating system to obtain escalated privileges.
Procedure Examples
| Name | Description |
|---|---|
| Agent Smith |
Agent Smith exploits known OS vulnerabilities, including Janus, to replace legitimate applications with malicious versions.[12] |
| BrainTest |
Some original variants of BrainTest had the capability to automatically root some devices, but that behavior was not observed in later samples.[5] |
| Dvmap |
Dvmap attempts to gain root access by using local exploits.[11] |
| Exodus |
Exodus Two attempts to elevate privileges by using a modified version of the DirtyCow exploit.[10] |
| FinFisher |
FinFisher comes packaged with ExynosAbuse, an Android exploit that can gain root privileges.[9] |
| Gooligan | |
| HummingBad |
HummingBad can exploit unfixed vulnerabilities in older Android versions to root victim phones.[8] |
| INSOMNIA |
INSOMNIA exploits a WebKit vulnerability to achieve root access on the device.[13] |
| Pegasus for Android |
Pegasus for Android attempts to exploit well-known Android OS vulnerabilities to escalate privileges.[4] |
| Pegasus for iOS |
Pegasus for iOS exploits iOS vulnerabilities to escalate privileges.[7] |
| ShiftyBug |
ShiftyBug is packed with at least eight publicly available exploits that can perform rooting.[1] |
| Skygofree |
Skygofree has the capability to exploit several known vulnerabilities and escalate privileges.[2] |
| SpyDealer |
SpyDealer uses the commercial rooting app Baidu Easy Root to gain root privilege and maintain persistence on the victim.[6] |
Mitigations
| Mitigation | Description |
|---|---|
| Application Vetting |
Application vetting may be able to identify the presence of exploit code within applications. |
| Security Updates | |
| Use Recent OS Version |
References
- Michael Bentley. (2015, November 4). Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire. Retrieved December 21, 2016.
- Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.
- Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. Retrieved December 12, 2016.
- Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.
- Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016.
- Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.
- Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.
- Dan Goodin. (2016, July 7). 10 million Android phones infected by all-powerful auto-rooting apps. Retrieved January 24, 2017.
- Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.
- Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019.
- R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019.
- A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020.
- A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020.