Rootnik

Rootnik is a Trojan that targets Android devices running version 4.3 and older. It has spread by hiding inside legitimate apps such as Wi-Fi Analyzer, Open Camera, Infinite Loop, HD Camera, Windows Solitaire, ZUI Locker, and Free Internet Austria. Once installed, the malware can install and uninstall both system and non-system apps, download executable files from remote servers, steal personal information stored on the phone such as Wi-Fi passwords, and aggressively display advertising, including ads on the home screen. Devices running a newer Android version are not affected, so updating the device to a current Android release protects it against this malware. Solvusoft provides instructions on how to remove the Android malware on its website.

Reporting

  • January 2017: A new version adds anti-debugging and anti-hooking checks intended to hinder reverse engineering. (SCMagazine)

Technical Details

  • Palo Alto Networks has published a more detailed technical analysis of Rootnik.

Example of Rootnik's backend structure. Image source: Palo Alto Networks