[Kinguser & Kingroot]

Long story short, I rooted my Android device with Kingroot (APK was obtained from hxxp://d-h.st/dueJ, hopefully this isn't a tampered version, if someone could please double check?), and at the end of the process, there's this super-user management tool called Kinguser that got installed on my device.

 

• This Kinguser app got detected by Malwarebytes as Lotoor or something like that (meanwhile SuperSU or other super-user management tool doesn't get detected as anything).
• Tried replacing this with SuperSU, but SuperSU couldn't replace the binaries.
• Tried Freezing the app, and it can't be frozen (even bloatwares can be frozen).
• Submitted to APK to VirusTotal, and looks like it's a new file to VirusTotal, so either this file is unique to my device, or no one has tried scanning it on VirusTotal yet.

 

This app also has permissions like Camera, which is totally unnecessary for a super-user management tool (and can't find any actual Camera function inside the app either).

 

So, is this thing actually malicious? Or behaves the above way but isn't actually malicious (e.g. to protect against unroot)? And, can it be malicious in the future if it's not actually malicious now (e.g. if it has a backdoor)?

 

 

Inside the attachment is the APK file for this Kinguser thing.

Kinguser.zip

 

Thank you so much in advance for the help!!

[Help with a pop up]

Pretty sure it's just a scam message shown by the website (not a malware on your phone). Just close the browser/page & don't visit that page again.