rageagainstthecage-arm5.bin - Trojan?

Status
Not open for further replies.

guruleenyc

Senior Member
Aug 6, 2010
315
13
CT
My Kaspersky is detecting a trojan in this rooting file:

Exploit.Linux.Lotoor.g

See attached screen-shot;

Let me know if this is in fact a false positive...?
 

styles420

Senior Member
Nov 12, 2010
2,379
1,390
Samsung Galaxy S21
It's a false positive. Promise.

It's not a false positive, the exploit that we use works just like any trojan - it provides back-door access to the system. We're just using a virus to crack open the system long enough to install a more permanent access to root.

That's right, viruses aren't necessarily bad - it just depends on how they're used ;)
 

Kcarpenter

Senior Member
Nov 24, 2009
3,344
145
Clinton, TN
It is indeed a real virus, but it won't do much to your windows system other than piss off your av software... Could jump to linux and not worry about viruses...at least very few. Yes they exist, but rarely affecting a personal computer.

Sent from my SPH-D700 using XDA App
 

Deleted member 2173701

Guest
yeah true true. virus by definition yes. but technically anything can be defined as a "virus" by allowing access to "alter" the original programming to allow access to functions other than what the manufacturer intended. don't worry. most antiviruses find a virus in anything. a key generator shows up as a virus. don't worry. you're safe.
 

richse

Senior Member
Oct 25, 2009
411
26
It is indeed a real virus, but it won't do much to your windows system other than piss off your av software... Could jump to linux and not worry about viruses...at least very few. Yes they exist, but rarely affecting a personal computer.

Sent from my SPH-D700 using XDA App

What you wrote makes no sense, the reason the anti-virus detects it as a trojan is because it includes exploit code to obtain root in LINUX. It won't do anything to a windows box but it can completely own a vulnerable linux box. So telling someone they would need to switch to linux in order to avoid this exploit is ridiculous.
 

shabbypenguin

Inactive Recognized Developer
May 30, 2010
4,895
5,361
36
correct it obtains root, but do you understand how? the whole reason it works is by exploiting adb so unless you happen to have the phone version of adb included in your linux build i would think this is pretty harmless
 

richse

Senior Member
Oct 25, 2009
411
26
correct it obtains root, but do you understand how? the whole reason it works is by exploiting adb so unless you happen to have the phone version of adb included in your linux build i would think this is pretty harmless

YES, but the reason I responded to that last post was because he was telling someone to switch from windows to linux in order to avoid a linux exploit. There are plenty of valid reasons to switch, but that would have to be the stupidest one I have ever seen put forth.
 

styles420

Senior Member
Nov 12, 2010
2,379
1,390
Samsung Galaxy S21
correct it obtains root, but do you understand how? the whole reason it works is by exploiting adb so unless you happen to have the phone version of adb included in your linux build i would think this is pretty harmless

The exploitation of adb is used to get the RATM file on the phone... then RATM uses an exploit in the linux kernel to gain root access. I'm pretty sure RATM isn't using adb to do its magic. What I don't know, is if it is exploiting a part of the kernel that is android specific, or a part that is in every linux kernel
 

DRockstar

Retired Recognized Developer
Sep 30, 2010
309
561
Pasadena, CA
correct it obtains root, but do you understand how? the whole reason it works is by exploiting adb so unless you happen to have the phone version of adb included in your linux build i would think this is pretty harmless

shabbypenguin is right guys... you can't hack regular linux with this... so don't worry about it, and move on...

just be sure to reactivate your antivirus after using it.
 

Geniusdog254

Retired Recognized Developer
Jan 2, 2009
1,110
169
St. Louis
shabbypenguin is right guys... you can't hack regular linux with this... so don't worry about it, and move on...

just be sure to reactivate your antivirus after using it.

The exploitation of adb is used to get the RATM file on the phone... then RATM uses an exploit in the linux kernel to gain root access. I'm pretty sure RATM isn't using adb to do its magic. What I don't know, is if it is exploiting a part of the kernel that is android specific, or a part that is in every linux kernel

It's busting open the adb daemon on the phone, which runs as root. It'll do nothing to a desktop linux box unless you have an ARMv7 powered desktop running an Android specific kernel :p
 

Kcarpenter

Senior Member
Nov 24, 2009
3,344
145
Clinton, TN
What you wrote makes no sense, the reason the anti-virus detects it as a trojan is because it includes exploit code to obtain root in LINUX. It won't do anything to a windows box but it can completely own a vulnerable linux box. So telling someone they would need to switch to linux in order to avoid this exploit is ridiculous.

As has been stated, it's not a linux exploit. It's an adb exploit, quit trying to associate things and sound smarter than you are. Just because your shirt is red, and your car is red doesn't mean you can drive your shirt. :p what I said makes perfect sense.

Sent from my SPH-D700 using XDA App
 
And this wonderful thread has now been closed ;) Too much OT guys, and the topic has been exhausted.