DroidJack RAT hits hacker forums, comes from legitimate app developers

  • 26 November 2014
  • 1 reply
  • 690 views

Userlevel 7
Badge +54
Ashley Carman, Editorial Assistant  November 25, 2014
 
Legitimate app developers have moved on to more malicious endeavors, and, in one recently detailed case, they used their skills to create a new Android remote administration tool (RAT) called DroidJack. 
 
Full Article

1 reply

Userlevel 7
The following article is a update

Developers of Android RAT DroidJack Traced to India

By Eduard Kovacs on November 26, 2014
 
The creators of the Android remote administration tool (RAT) called DroidJack started off as legitimate application developers, but when they realized that their products were not as successful as they had hoped, they turned to developing a crimeware tool.
Researchers at Symantec have been monitoring the evolution of the threat, which was first released in April 2013 on Google Play as Sandroid, a legitimate application for controlling PCs from an Android smartphone.
In late December 2013, someone announced the availability of SandroRAT on a hacker forum. SandroRAT was advertised as an Android application that could be used to take control of smartphones from a computer. The advertisement contained links to the Sandroid app on Google Play.
SandroRAT was analyzed by researchers at McAfee in August when it had been distributed via spam emails as a Kaspersky mobile security application. At the time, attackers targeted banking users in Poland.
According to Symantec, DroidJack (detected by the company as Android.Sandorat) is the latest version of the RAT. It was announced on June 27, 2014 on the same hacker forum and by the same individual who offered to sell SandroRAT. DroidJack is sold on its own website for $210, the cost of a lifetime package.
 
full article
 

Reply