VirusAndroid/DrdDream.A!exploit
Analysis
- This detection is for a set of Android-based packages that are intended to root Android devices.
- Some of the malware components may be included in some legitimate Android application packages.
- One of the exploit codes that it is shipped with is called rageagainstthecage, a privilege escalatation exploit that is detected as Android/DroidRt.B!tr.
- Another component is named gotroot, which is detected as ELF/Lotoor.BR!exploit. This is the component that is responsible for rooting the device.
- Once the device has been infected, the malware has the following capabilities:
- Gain administrator rights of the infected device.
- Consume data minutes of the infected device due to access of device network connection.
- Potentially update itself and download other threats.
- Gain acccess to the contents of the external media of the device.
Recommended Action
- FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
| FortiClient | |
|---|---|
| Extreme | |
| FortiMail | |
| Extreme | |
| FortiSandbox | |
| Extreme | |
| FortiWeb | |
| Extreme | |
| Web Application Firewall | |
| Extreme | |
| FortiIsolator | |
| Extreme | |
| FortiDeceptor | |
| Extreme | |
| FortiEDR |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2020-08-21 | 79.78900 | Sig Updated |
| 2020-08-21 | 79.78800 | Sig Added |
| 2020-07-03 | 78.61200 | Sig Updated |
| 2020-07-03 | 78.61100 | Sig Added |
| 2019-05-30 | 68.90500 | Sig Updated |
| 2019-05-30 | 68.90400 | Sig Added |
| 2019-05-29 | 68.88300 | Sig Updated |
| 2019-05-29 | 68.88200 | Sig Added |
| 2019-05-25 | 68.78800 | Sig Updated |
| 2019-05-25 | 68.78700 | Sig Updated |