Threat Encyclopedia



  • This detection is for a set of Android-based packages that are intended to root Android devices.

  • Some of the malware components may be included in some legitimate Android application packages.

  • One of the exploit codes that it is shipped with is called rageagainstthecage, a privilege escalatation exploit that is detected as Android/DroidRt.B!tr.

  • Another component is named gotroot, which is detected as ELF/Lotoor.BR!exploit. This is the component that is responsible for rooting the device.

  • Once the device has been infected, the malware has the following capabilities:
    • Gain administrator rights of the infected device.
    • Consume data minutes of the infected device due to access of device network connection.
    • Potentially update itself and download other threats.
    • Gain acccess to the contents of the external media of the device.

recommended-action-logoRecommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.