This malicious application uses ARP spoofing to intercept traffic within a local network. Root access is required for the application to work. The application uses the iptable class=”most_attacked_countries”. Core functionality related to traffic modification is contained in ELF files.
Geographical distribution of attacks by the HackTool.AndroidOS.Arpspoof family
Top 10 countries with most attacked users (% of total attacks)
* Percentage among all unique Kaspersky users worldwide attacked by this malware