1 results (0.004 seconds)

CVSS: 9.3EPSS: 1%CPEs: 38EXPL: 1

Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit. This binary, which resides as /system/bin/debugs, runs with root privileges and does not communicate over an encrypted channel. The binary has been shown to communicate with three hosts via HTTP: oyag[.]lhzbdvm[.]com oyag[.]prugskh[.]net oyag[.]prugskh[.]com Server responses to requests sent by the debugs binary include functionalities to execute arbitrary commands as root, install applications, or update configurations. • https://www.bitsighttech.com/blog/ragentek-android-ota-update-mechanism-vulnerable-to-mitm-attack https://www.kb.cert.org/vuls/id/624539 https://www.securityfocus.com/bid/94393 • CWE-264: Permissions, Privileges, and Access Controls CWE-494: Download of Code Without Integrity Check •