New Android RAT Malware

Thursday, July 18, 2013 @ 05:07 PM gHale


Tools that can inject legitimate Android apps with open-source software that allows an attacker to control of a smartphone remotely are available in the underground market, researchers said.

The new tool, called a binder, costs $37 and links to a free remote access tool (RAT) that is growing in popularity, said researchers at Symantec. Known as AndroRAT, the open-source software first released in November 2012.

RELATED STORIES
Music App a Political Android Trojan
Android Master Key Open to Attack
Skype Android Vulnerability
Viber Android Security Bypass

Binder simplifies the process of repackaging a legitimate app with AndroRAT. Once the malware makes contact with the command and control (C&C) server, a criminal can use a customer friendly control panel to monitor and make phone calls, send text messages, use the smartphone’s camera and microphone, access files and get the device’s GPS coordinates, Symantec said.

AndroRAT comes packaged as an APK, which is the standard application format for Android. The AndroRAT-binder combo allows attackers with limited expertise to infect a legitimate app that’s more likely to get permission to access smartphone data and services.

“All we’re seeing right now is just a maturing evolution of a landscape that is allowing lesser technical people to come in and try their hand at some of this criminal activity themselves,” said Vikram Thakur, principal manager at Symantec Security Response.

Symantec has counted nearly two-dozen popular apps carrying AndroRAT. To date, only several hundred phones suffered a hit, mostly in the U.S. and Turkey.

Symantec expects that number to rise as the sophistication of AndroRAT increases.

“As time goes on there will be a lot more tools available, possibly some even cheaper, once the market gets flooded,” Thakur said.



Leave a Reply

You must be logged in to post a comment.