This malicious software has been stalking users for at least three years without being detected, since it operates in a very discreet way. First, it checks whether it is running as root to decide how best to approach the system and hide itself. It then analyzes the device's sensitive resources and creates a back door, establishing communication with the command and control server.
It is striking how effective its methods are at hiding the processes it runs. It uses several encryption algorithms, such as AES, XOR and ROTATE, combined with ZLIB compression. To conceal the reception of control commands, RotaJakiro accessed four domains over port 443 using its own protocol.
The exact purpose of this malicious software is not entirely clear. It is capable of executing up to twelve different functions, so the researchers are considering several hypotheses: it could be used to steal sensitive data or information about the infected terminal, to take control of and manage files, or to run specific plugins.
For more information about this malware, you can consult this article by 360 Netlab.