At the beginning of the year, Kai Lu conducted an in-depth analysis of a variant of the rootnik Android malware and posted it on the blog. He continued to track this Android malware family and in early June discovered a new version of rootnik.
It should be noted that this malware was NOT found in Google Play. The malware developer introduced malicious code into a legitimate application and repackaged it, which is why both the legitimate and the repackaged versions of this app use the same package name “net.gotsun.android.wifi_configuration”. This disguise can fool even careful users. The malware also uses advanced anti-debug techniques to prevent it from being reverse-engineered.
Kai Lu provides a deep analysis of this malware variant.