1. AC Question's Avatar
    I'm trying to find out if KNOX devices are immune to the Gooligan malware.
    12-01-2016 12:20 PM
  2. Rukbat's Avatar
    Sure it is. All you need is temporary root (which is why it takes so long to come up with a rooting method for some phones) so you can copy the su binary to /system/xbin.

    According to Forbes, "The malicious software first gains a foothold on devices when users visit a website and download a third-party app. Michael Shaulov, head of mobile and cloud Security Check Point, said that might be a porn site, or a third-party app store, where visitors are encouraged to download software to get access to content." so it has nothing to do with Knox (which is just a stub unless you download the whole app - and no one ever does unless forced to do so by their employer) or rooting. Your superuser app, usually SuperSU, asks you if you want to allow any app asking for root whether to grant it, then keeps a list of those apps you said "yes" for. Gooligan isn't going to get root unless you allow it to. (It probably doesn't even ask for root privileges.)
    Tim1954 likes this.
    12-01-2016 01:50 PM
  3. anon(632115)'s Avatar
    Yes, many root methods can trip Knox
    12-01-2016 01:50 PM
  4. Rukbat's Avatar
    They'll trip it (so the "untripped" flag is 1, not 0), but that has nothing to do with malware that doesn't need root.

    And a properly written rooting method won't trip Knox, it just shows as a custom ROM (which Wanam, running in Xposed, can reset to normal.)
    12-01-2016 03:21 PM
  5. anon(632115)'s Avatar
    I was responding to the text title which is different to the post content
    12-01-2016 03:25 PM

Similar Threads

  1. There is no sound on incoming and outgoing calls.
    By AC Question in forum Ask a Question
    Replies: 1
    Last Post: 12-02-2016, 04:44 PM
  2. Replies: 2
    Last Post: 12-01-2016, 02:53 PM
  3. Replies: 1
    Last Post: 12-01-2016, 12:40 PM
  4. Replies: 1
    Last Post: 12-01-2016, 12:09 PM
  5. Replies: 0
    Last Post: 12-01-2016, 12:01 PM