Attention: We will be transitioning to a new AAD or Microsoft Entra ID from the week of May 20, 2024. In case your tenant requires admin consent, please refer to this document located at Overview of user and admin consent - Microsoft Entra ID | Microsoft Learn and grant access to App ID: 6ba09155-cb24-475b-b24f-b4e28fc74365 with graph permissions for Directory.Read.All and User.Read for continued access.

We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names

Published Jan 29, 2014 | Updated Sep 15, 2017

Learn about other threats

HackTool:AndroidOS/ZergRush.B

Detected by Microsoft Defender Antivirus

Aliases: No associated aliases

Summary

Microsoft Defender for Endpoint detects and removes this threat.

This tool that uses a vulnerability in Android devices to "root" or hack the device.

It is usually done by someone using the device who wants to get around limitations set by the device's manufacturer or carrier (for example, a phone carrier may limit updates on the device).

The following versions of Android operating systems are vulnerable:

Android OS 2.2.x through to and including 2.2.2 (Froyo)
Android OS 2.3.x through to and including 2.3.6 (Gingerbread)

Some apps that are known to use this hacktool include:

SuperOneClick Android phone rooter
SuperOneClick Kindle Fire rooter

We recommend you don't use hacktools as they can be associated with malware or unwanted software.

HackTool:AndroidOS/ZergRush.B

Summary

Technical information

Threat behavior

Prevention

Symptoms