A new Remote Administration Tool for Google’s Android platform has become available in the darkest corners of the Internet. This particular type of tool is bundled into a malware package that has the ability to claim control of the devices of those who use an app that has been infected, effectively turning the unwitting smartphone or tablet into a spyware zombie.
The latest addition to the arsenal of the unscrupulous goes by the name of “Dendroid” and is being sold on the underground market for as little as $300. A tool like this would normally pass by unnoticed, but Dendroid differs from others in the fact that it offers unlimited usage for the relatively small amount of money an individual has to part with. It also comes bundled with the unnerving ability to hide amongst legitimate apps on the Play Store without being detected by Google’s malware scanning abilities.
The scary stuff begins when a user – who is none the wiser – installs an infected app onto their Android smartphone or tablet. The individual(s) responsible for infecting the app in the first place has the ability to gain remote access to the installed device and effectively take control of the hardware. This level of remote access would allow undetected access to photographs, stored data and message archives that are on the device. Perhaps more terrifying, it would also grant access to the microphone and camera modules.
A number of researchers from Lookout Security have taken the time to look into Dendroid, and are surprised by the methods its developers have implemented purely just to evade detecting by Bouncer, Google’s malware detection software.
It looks as if Dendroid was designed with evading Play Store security in mind. Amongst its numerous features, Dendroid features some relatively simple — yet unusual — anti-emulation detection code that helps it evade detection by Bouncer, Google’s anti-malware screening system for the play store.
The introduction and availability of this latest sophisticated Remote Administration Tool further brings attention to the fact that the Android platform is relatively easy pickings for malicious types who are serious about embarking on malware activity.
It seems that the market for these types of tools is so lucrative, and is becoming such a commonplace that security researchers involved in the field have furnished the software with the abbreviated name “RAT”. The Android platform is now responsible for a staggering 92% of all known malware on mobile platforms, which has risen from 47% two years ago. The question is, what will Google do about this, if anything?
You may also like to check out: