Trusted Design

Rootnik Android Trojan Abuses Commercial Rooting Tool

概要

Palo Alto recently analyzed a Trojan named “Rootnik” which uses a customized commercial root tool named “Root Assistant” to gain root access on Android devices. By reverse engineering and repackaging this tool, the creators of Rootnik successfully stole at least five exploits that give them root access to Android devices that are running Android 4.3 and earlier. Root Assistant was developed by a Chinese company to help individuals gain root access to their own devices. However, Rootnik uses this tool to attack phones all over the world. Based on the data we have collected, Android users in United States, Malaysia, Thailand, Lebanon and Taiwan have been affected by the Trojan thus far.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Trojan-Banker.AndroidOS.Faketoken follow-up (score: 0.66)
Group 123 (update June 4th 2018) (score: 0.64)
Banking Trojan infected dozens of Android apps worldwide (score: 0.64)
ZBot Malware (score: 0.64)
Android Trojan C2 (score: 0.63)

このPulseに関連する脅威アクター (事実ベース)

Gamaredon Group

Score: 3.88

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1199 - Trusted Relationship

MITREへのリンク →

LuminousMoth

Score: 9.14

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1550 - Use Alternate Authentication Material
T1199 - Trusted Relationship
T1105 - Ingress Tool Transfer

MITREへのリンク →

Aoqin Dragon

Score: 3.88

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1199 - Trusted Relationship

MITREへのリンク →

Darkhotel

Score: 3.03

Matched TTPs:

T1058 - Service Registry Permissions Weakness

MITREへのリンク →

Mustang Panda

Score: 11.06

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1199 - Trusted Relationship
T1209 - Time Providers
T1105 - Ingress Tool Transfer
T1556 - Modify Authentication Process

MITREへのリンク →

FIN7

Score: 11.31

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1588.001 - Malware
T1199 - Trusted Relationship
T1105 - Ingress Tool Transfer
T1490 - Inhibit System Recovery

MITREへのリンク →

APT28

Score: 17.81

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1550 - Use Alternate Authentication Material
T1199 - Trusted Relationship
T1105 - Ingress Tool Transfer
T1055.008 - Ptrace System Calls
T1546.007 - Netsh Helper DLL

MITREへのリンク →

Tropic Trooper

Score: 10.13

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1209 - Time Providers
T1105 - Ingress Tool Transfer
T1490 - Inhibit System Recovery

MITREへのリンク →

Medusa Group

Score: 6.75

Matched TTPs:

T1218.003 - CMSTP
T1199 - Trusted Relationship
T1209 - Time Providers

MITREへのリンク →

Threat Group-3390

Score: 6.75

Matched TTPs:

T1218.003 - CMSTP
T1199 - Trusted Relationship
T1209 - Time Providers

MITREへのリンク →

Dragonfly

Score: 3.44

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1199 - Trusted Relationship

MITREへのリンク →

Patchwork

Score: 3.44

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1199 - Trusted Relationship

MITREへのリンク →

Ember Bear

Score: 8.49

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1209 - Time Providers
T1003.003 - NTDS

MITREへのリンク →

BlackByte

Score: 4.36

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1209 - Time Providers

MITREへのリンク →

Lazarus Group

Score: 12.71

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1588.001 - Malware
T1199 - Trusted Relationship
T1209 - Time Providers
T1105 - Ingress Tool Transfer
T1556 - Modify Authentication Process

MITREへのリンク →

APT32

Score: 15.38

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1588.001 - Malware
T1199 - Trusted Relationship
T1209 - Time Providers
T1105 - Ingress Tool Transfer
T1556 - Modify Authentication Process
T1490 - Inhibit System Recovery

MITREへのリンク →

FIN6

Score: 10.05

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1588.001 - Malware
T1199 - Trusted Relationship
T1209 - Time Providers
T1556 - Modify Authentication Process

MITREへのリンク →

Ke3chang

Score: 3.44

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1199 - Trusted Relationship

MITREへのリンク →

menuPass

Score: 5.21

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1199 - Trusted Relationship
T1209 - Time Providers

MITREへのリンク →

Kimsuky

Score: 9.74

Matched TTPs:

T1588.001 - Malware
T1199 - Trusted Relationship
T1003.003 - NTDS
T1490 - Inhibit System Recovery

MITREへのリンク →

FIN13

Score: 7.38

Matched TTPs:

T1588.001 - Malware
T1199 - Trusted Relationship
T1209 - Time Providers
T1105 - Ingress Tool Transfer

MITREへのリンク →

Wizard Spider

Score: 5.69

Matched TTPs:

T1588.001 - Malware
T1199 - Trusted Relationship
T1556 - Modify Authentication Process

MITREへのリンク →

Naikon

Score: 3.86

Matched TTPs:

T1588.001 - Malware
T1209 - Time Providers

MITREへのリンク →

Fox Kitten

Score: 3.86

Matched TTPs:

T1588.001 - Malware
T1209 - Time Providers

MITREへのリンク →

PROMETHIUM

Score: 4.76

Matched TTPs:

T1588.001 - Malware
T1490 - Inhibit System Recovery

MITREへのリンク →

Magic Hound

Score: 4.71

Matched TTPs:

T1588.001 - Malware
T1199 - Trusted Relationship
T1209 - Time Providers

MITREへのリンク →

BackdoorDiplomacy

Score: 4.71

Matched TTPs:

T1588.001 - Malware
T1199 - Trusted Relationship
T1209 - Time Providers

MITREへのリンク →

APT41

Score: 4.71

Matched TTPs:

T1588.001 - Malware
T1199 - Trusted Relationship
T1209 - Time Providers

MITREへのリンク →

Turla

Score: 3.52

Matched TTPs:

T1199 - Trusted Relationship
T1490 - Inhibit System Recovery

MITREへのリンク →

APT29

Score: 3.52

Matched TTPs:

T1199 - Trusted Relationship
T1490 - Inhibit System Recovery

MITREへのリンク →

Scattered Spider

Score: 5.39

Matched TTPs:

T1199 - Trusted Relationship
T1027.002 - Software Packing

MITREへのリンク →

FIN8

Score: 3.60

Matched TTPs:

T1199 - Trusted Relationship
T1556 - Modify Authentication Process

MITREへのリンク →

OilRig

Score: 5.36

Matched TTPs:

T1199 - Trusted Relationship
T1209 - Time Providers
T1556 - Modify Authentication Process

MITREへのリンク →

Sea Turtle

Score: 3.52

Matched TTPs:

T1199 - Trusted Relationship
T1490 - Inhibit System Recovery

MITREへのリンク →

Contagious Interview

Score: 3.60

Matched TTPs:

T1199 - Trusted Relationship
T1556 - Modify Authentication Process

MITREへのリンク →

Thrip

Score: 3.60

Matched TTPs:

T1199 - Trusted Relationship
T1556 - Modify Authentication Process

MITREへのリンク →

FIN10

Score: 3.52

Matched TTPs:

T1199 - Trusted Relationship
T1490 - Inhibit System Recovery

MITREへのリンク →

APT33

Score: 3.60

Matched TTPs:

T1199 - Trusted Relationship
T1556 - Modify Authentication Process

MITREへのリンク →

Play

Score: 3.52

Matched TTPs:

T1199 - Trusted Relationship
T1490 - Inhibit System Recovery

MITREへのリンク →

Salt Typhoon

Score: 3.60

Matched TTPs:

T1199 - Trusted Relationship
T1556 - Modify Authentication Process

MITREへのリンク →

Rocke

Score: 4.43

Matched TTPs:

T1209 - Time Providers
T1105 - Ingress Tool Transfer

MITREへのリンク →

RedCurl

Score: 4.43

Matched TTPs:

T1209 - Time Providers
T1105 - Ingress Tool Transfer

MITREへのリンク →

HAFNIUM

Score: 9.46

Matched TTPs:

T1105 - Ingress Tool Transfer
T1055.008 - Ptrace System Calls
T1490 - Inhibit System Recovery

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.79

Matched TTPs:

T1055.008 - Ptrace System Calls
T1058 - Service Registry Permissions Weakness
T1199 - Trusted Relationship
T1546.007 - Netsh Helper DLL
T1105 - Ingress Tool Transfer
T1550 - Use Alternate Authentication Material

MITREへのリンク →

APT32

Score: 0.71

Matched TTPs:

T1209 - Time Providers
T1556 - Modify Authentication Process
T1588.001 - Malware
T1199 - Trusted Relationship
T1490 - Inhibit System Recovery
T1105 - Ingress Tool Transfer
T1550 - Use Alternate Authentication Material

MITREへのリンク →

Lazarus Group

Score: 0.59

Matched TTPs:

T1209 - Time Providers
T1556 - Modify Authentication Process
T1588.001 - Malware
T1199 - Trusted Relationship
T1105 - Ingress Tool Transfer
T1550 - Use Alternate Authentication Material

MITREへのリンク →

FIN7

Score: 0.58

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1588.001 - Malware
T1199 - Trusted Relationship
T1490 - Inhibit System Recovery
T1105 - Ingress Tool Transfer

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る