Android RAT Builder Released

Friday, July 29, 2016 @ 03:07 PM gHale


There is a new RAT on the loose and it can view messages and listen to calls among other capabilities, researchers said.

The remote access Trojan (RAT) is called SpyNote, and it is similar to OmniRat and DroidJack, which allow malware owners to gain remote administrative control of an Android device.

In addition to viewing messages and listening to calls, SpyNote can collect device information and GPS location, exfiltrate contacts and files, turn on the device’s microphone for real-time spying purposes, activate the camera, make calls from the device, install malicious APKs, and update itself.

And it is capable of doing all of this without gaining root access to the device, said researchers with Palo Alto Networks.

As a part of the attack, the builder configures the RAT to contact a specific C&C server over a specific port. Once installed, the malware removes its icon in order to pass under the radar.

The malware itself is not difficult for experts to analyze, as its code is neither obfuscated nor protected.

The researchers said that now that the builder has leaked, there may be an uptick in distribution campaigns delivering this particular piece of malware.

SpyNote does require users to give many permissions to be able to effect all of the actions mentioned above, so it’s not like it can pass unnoticed by all users.
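Because the malware depends on a broad permission set, an APK's requested permissions can serve as a quick triage signal. The following is an added example, not code from the article or from Palo Alto Networks: it parses `aapt dump permissions` output and flags apps that combine network access with most of the capabilities listed above. The capability-to-permission mapping, the threshold and the sample inputs are assumptions made for illustration, not SpyNote's actual manifest.

```python
import re

# Assumed mapping from the capabilities listed in the article to standard
# Android permissions. It is not taken from SpyNote's actual manifest.
CAPABILITIES = {
    "messages":    {"READ_SMS", "RECEIVE_SMS"},
    "call state":  {"READ_PHONE_STATE", "READ_CALL_LOG", "PROCESS_OUTGOING_CALLS"},
    "place calls": {"CALL_PHONE"},
    "location":    {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "contacts":    {"READ_CONTACTS"},
    "files":       {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"},
    "microphone":  {"RECORD_AUDIO"},
    "camera":      {"CAMERA"},
}

# Accepts both aapt styles: name='android.permission.X' and bare android.permission.X
PERM_LINE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?android\.permission\.(\w+)")

def parse_permissions(aapt_output):
    """Return the short names of android.permission.* entries in the dump."""
    matches = (PERM_LINE.match(line.strip()) for line in aapt_output.splitlines())
    return {m.group(1) for m in matches if m}

def triage(aapt_output, threshold=6):
    """Return (covered capabilities, flagged). The threshold is an assumed cut-off."""
    perms = parse_permissions(aapt_output)
    covered = sorted(cap for cap, needed in CAPABILITIES.items() if perms & needed)
    # Flag only when the app can also reach the network (needed to contact a C&C server).
    flagged = "INTERNET" in perms and len(covered) >= threshold
    return covered, flagged

# Constructed sample inputs (not real apps).
SUSPICIOUS = """package: com.example.updater
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.CALL_PHONE'
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'
"""
BENIGN = """package: com.example.flashlight
uses-permission: android.permission.CAMERA
uses-permission: android.permission.INTERNET
"""

if __name__ == "__main__":
    for sample in (SUSPICIOUS, BENIGN):
        print(triage(sample))
```

A flag here is only a prompt for closer review; legitimate apps can request a similar set of permissions.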