Since yesterday, WhatsApp and Zygote have been asking for root permissions on my phone via supersu. Apparently zygote is a system app.
Is this malware? Lookout scan came up clean.
Asked
Active
Viewed 1.1k times
21
-
5On another note, if you allowed them to get root, you should consider your device to be compromised and wipe it completely. – Léo Lam Jan 08 '17 at 10:03
-
1Are you using Xposed ? Seems like issue with Xposed – samnaction Jan 09 '17 at 12:06
-
I have got the same on Android 6, rooted with Xposed Framework. It suddenly happened, I did not install some suspected stuff. Whatsapp works normal. P | grep Zygote brings 3 entries: Zygote, Zygote64 and xposed_zygote_service. – Matze Jan 09 '17 at 11:11
-
Do you have the whatsapp extention exposed module installed? check the xda-thread. – nYce Jan 10 '17 at 00:25
1 Answers
28
It is unlikely for WhatsApp to need root privileges, and impossible for zygote to ask for it.
Zygote is an essential system component that is started by init process itself while booting, so it does implicitly inherit root privileges.
Matter of fact, zygote is responsible for starting every other app, be it system apps or other apps.
Having said that, these two apps (installed in your device that asks for root access) are strongly MALWARE.
If you have ADB, issue the command adb shell ps | grep zygote. (Or from Terminal Emulator as ps | grep zygote)
I believe the output will be two processes: one is the real zygote, and the other 'zygote' is part of a package name, which is a malware.
-
1To clarify are you saying WhatsApp is strongly malware? Or the specific program calling itself whatsApp that op has installed is malware? (I'm asking from an unrooted Android phone that has WhatsApp installed) – BruceWayne Jan 08 '17 at 00:23
-
12@BruceWayne The real WhatsApp is fine - it would be all over the news if it weren't as it is the #18 free app on the Play Store. He's talking about the fake WhatsApp OP may have. – Piper McCorkle Jan 08 '17 at 04:13
-