Threat description




MemPoDroid.A is a tool for exploiting the mem_write function in Android Linux kernel, which upon successful exploitation, could grant an attacker a major access to a compromised device.


Automatic action

When detected during scanning, F-Secure SAFE will prompt you for a desired action. You may assess the detected file and choose to Uninstall, Quarantine or keep it installed on your device. More information about these options can be found at Help Center: Assess files detected during scanning.


More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

For further assistance, F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.

Technical Details

This is the Android port of the recently released "MemPoDipper" exploit that affects the non-Android distribution of the Linux kernel.

MemPoDroid.A is an Android Native binary executable that exploits the mem_write function in the Android Linux kernel version 2.6.39 and above.

This version of Android Linux kernel is commonly found on newer releases of Android devices, which runs on the Android 4.0 (Ice Cream Sandwich) version of operating system.

A successful exploitation may result in gaining a major user access on the affected device, granting the attacker the capability to perform any actions on the device.

Submit a Sample

Suspect a file or URL was wrongly detected? Send it to our Labs for further analysis

Submit a Sample

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

More Info