Topic: Is this Android (adb) file really infected?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67183
Is this Android (adb) file really infected?
« on: March 22, 2014, 02:48:03 PM »
I generally trust xda forum files.
But one of them is continuously being reported as infected.
https://www.virustotal.com/en/file/f1a3863e9c691e5598080fdefa068e54cb246a3967fe6db8bbfe6fc5860ac36d/analysis/1395495631/

The tool (setup) file is here: hxxp://www.adbtoolkit.com/_nightly_builds/#.Uy2Se1eun9N
And this is the xda forum thread of this tool: http://forum.xda-developers.com/showpost.php?p=51284232&postcount=80

Is it really infected? Or is it a phobia coming from generic signatures/heuristics? VT panic?
The best things in life are free.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37699
Re: Is this Android (adb) file really infected?
« Reply #1 on: March 22, 2014, 03:10:59 PM »
First submission 2012-02-10 07:16:04 UTC ( 2 years, 1 month ago )
Still detected by 33 AV... I would say that is infected... and detected as an exploit.

Google the CVE number and you'll find out what it does... CVE-2012-0056.A


Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: Is this Android (adb) file really infected?
« Reply #2 on: March 22, 2014, 03:56:40 PM »
Hello,

Have you tried using the official ( http://developer.android.com/tools/help/adb.html ) instead? Is there something different in the xda variant that would want to make you install it instead of the official?

Regards,
~!Donovan
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline Lisandro
Re: Is this Android (adb) file really infected?
« Reply #3 on: March 22, 2014, 11:51:11 PM »
Quote
Hello,

Have you tried using the official ( http://developer.android.com/tools/help/adb.html ) instead? Is there something different in the xda variant that would want to make you install it instead of the official?

Regards,
~!Donovan

Yes, it's part of a tool (GUI).
Answer in XDA:
Quote
mempodroid is a known exploit to gain root privileges on android. It has been packaged in its original form to aid in rooting some devices. The antivirus is correct in identifying it, but it does not affect Windows environments, and is not dangerous or harmful when used for escalating privileges on Android to gain root.
http://forum.xda-developers.com/showpost.php?p=51285503&postcount=81

Maybe it could be a PUP? What do the virus lab guys think?

Offline !Donovan
Re: Is this Android (adb) file really infected?
« Reply #4 on: March 23, 2014, 02:01:22 AM »
Well if it is indeed a "known exploit to gain root privileges" as the poster states, then the detection is valid. It is malicious in a way that gives your device more privileges through exploitation, which can be used for both good and bad purposes.

~!Donovan
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."
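
The XDA answer quoted in Reply #3 says the detected payload is an Android exploit that does not affect Windows. One way to check that kind of claim during triage is to read each flagged file's executable header and see which platform it targets; this is an added example, not code from the thread or the toolkit. The sample bytes are constructed, and the host is assumed to be an x86/x64 Windows PC.

```python
import struct

# Subset of well-known machine IDs from the ELF and PE/COFF specifications.
ELF_MACHINES = {3: "x86", 40: "ARM", 62: "x86-64", 183: "AArch64"}
PE_MACHINES = {0x014C: "x86", 0x8664: "x86-64", 0x01C0: "ARM", 0xAA64: "ARM64"}


def triage(data: bytes) -> dict:
    """Identify executable format and CPU target from the header bytes."""
    if data[:4] == b"\x7fELF" and len(data) >= 20:
        order = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little endian
        _e_type, e_machine = struct.unpack_from(order + "HH", data, 16)
        # ELF images are not loaded by the Windows PE loader (assumption: no
        # Linux compatibility layer is involved on the host).
        return {"format": "ELF",
                "machine": ELF_MACHINES.get(e_machine, hex(e_machine)),
                "native_on_windows_pc": False}
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
        if data[pe_off:pe_off + 4] == b"PE\0\0" and len(data) >= pe_off + 6:
            (machine,) = struct.unpack_from("<H", data, pe_off + 4)
            name = PE_MACHINES.get(machine, hex(machine))
            return {"format": "PE", "machine": name,
                    "native_on_windows_pc": name in ("x86", "x86-64")}
    return {"format": "unknown", "machine": None,
            "native_on_windows_pc": False}


def sample_elf_arm() -> bytes:
    # Constructed 32-bit little-endian ARM ELF header (not the real file).
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    return ident + struct.pack("<HH", 2, 40) + bytes(32)


def sample_pe_x86() -> bytes:
    # Constructed minimal DOS header plus PE signature for an x86 image.
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", 0x014C) + bytes(18)


if __name__ == "__main__":
    for label, blob in (("bundled payload (constructed)", sample_elf_arm()),
                        ("installer (constructed)", sample_pe_x86())):
        print(label, triage(blob))
```

A result of `native_on_windows_pc: False` only says the file cannot execute on the PC itself; it says nothing about what the file does on the device it targets, which is the point raised in Reply #4.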