New crimeware tool Dendroid makes it easier to create Android malware, researchers warn


Userlevel 7
Badge +54
A new commercial tool designed to allow cybercriminals to easily transform legitimate Android applications into malicious software has hit the underground market, paving the way for cheap and easy development of sophisticated Android malware.

The toolkit is called Dendroid and can be used to create "trojanized" apps -- legitimate applications with malicious code added to them -- that connect back to a command-and-control server over HTTP and allow attackers to perform a variety of malicious actions on devices that have those apps installed.

Dendroid is marketed by its creators as an Android remote administration tool (RAT) and is being sold for US$300, security researchers from Symantec said Wednesday in a blog post. Buyers receive a tool called an "APK Binder" that can be used to add the Dendroid RAT functionality and its required permissions to any clean APK (Android application package) as well as access to a sophisticated PHP-based control panel that allows detailed management of the infected devices.

Dendroid's features include deleting call logs and files; calling phone numbers; opening Web pages; recording calls and audio from the microphone; intercepting text messages; taking and uploading photos and videos; opening applications and launching HTTP flood (denial-of-service) attacks for a period of time specified by the attacker.

Dendroid is not the first Android RAT, but is one of the most sophisticated ones seen to date.
 
Full Article
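A defender-side check for the repackaging the article describes (extra permissions and RAT code added to a clean APK), as an added example that is not part of the original post or of Symantec's report. It assumes both manifests have already been decoded to plain XML, and the permission-to-capability grouping and the sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names grouped by the capabilities the article lists.
# The grouping is this example's assumption, not Dendroid's actual manifest.
SENSITIVE = {
    "android.permission.RECORD_AUDIO": "audio/call recording",
    "android.permission.CAMERA": "photos and video",
    "android.permission.READ_SMS": "text message interception",
    "android.permission.CALL_PHONE": "placing calls",
    "android.permission.WRITE_CALL_LOG": "call log deletion",
    "android.permission.INTERNET": "HTTP command-and-control",
}

def manifest_facts(xml_text):
    """Return (permissions, components) declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    comps = {(e.tag, e.get(ANDROID_NS + "name"))
             for tag in ("service", "receiver")
             for e in root.iter(tag)}
    return perms, comps

def repackaging_diff(clean_xml, suspect_xml):
    """Report what the suspect copy declares that the known-clean build does not."""
    clean_p, clean_c = manifest_facts(clean_xml)
    sus_p, sus_c = manifest_facts(suspect_xml)
    added = sus_p - clean_p
    return {
        "added_permissions": sorted(added),
        "sensitive": {p: SENSITIVE[p] for p in sorted(added) if p in SENSITIVE},
        "added_components": sorted(sus_c - clean_c),
    }

# Constructed sample manifests (not taken from any real app or malware sample).
CLEAN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application><activity android:name=".Main"/></application>
</manifest>"""
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application><activity android:name=".Main"/>
    <service android:name=".BackgroundSync"/>
    <receiver android:name=".BootListener"/></application>
</manifest>"""
```

Calling `repackaging_diff(CLEAN, SUSPECT)` returns the permissions and background components present only in the suspect copy; a permission the clean build already requests (here `CAMERA`) is not reported.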

10 replies

Userlevel 7
Badge +62
This is very scary indeed. Thanks for the post Jasper! Dumb question tho but I'm going to ask anyways. Will Webroot handle this or am I missing the point?
Userlevel 7
Very good question, SSherjj. I think we need the help of experts to answer that... @ @ would you kindly be able to shed some light on this from a professional perspective?
 
Thanks in advance.
 
Regards
 
 
Baldrick
Userlevel 7
Badge +62
Certainly will follow the link. Thanks
Userlevel 7
Badge +35
I did bring this up to our Android researchers when this was posted yesterday. What makes it different from other Android malware is that it is more like the construction kits that we see for PC malware. One of the trends we've been seeing with Android malware for some time now is how much it continues to look more like PC malware. This is something we can protect against. It should be noted that this is not something that you would be likely to pick up from Google Play; this type of malware would be distributed on third-party markets.
 
-Dan
Userlevel 7
Badge +62
No wonder I couldn't find ya, As Baldrick mentioned to turn this over to you..I wasn't thinking of going into Android section. I will hop over there shortly. Thanks for the explanation, I feel a lot better now. Third parties huh? Will try to post in the right areas next time.
Userlevel 7
Badge +35
@ wrote:
No wonder I couldn't find ya, As Baldrick mentioned to turn this over to you..I wasn't thinking of going into Android section. I will hop over there shortly. Thanks for the explanation, I feel a lot better now. Third parties huh? Will try to post in the right areas next time.
If I (or any of the community folks really) see something Android-related, we'll pass it along to our Android researchers. There are quite a few third-party app markets out there, but you have to turn off the "Allow installation of non-market apps" setting on in order to install apps from those markets. 
 
-Dan
Userlevel 7
Badge +62
Thank you Dan, I have that unchecked, which was that way by default, so I should be good then. Others might not know that.
Userlevel 7
@ wrote:
I did bring this up to our Android researchers when this was posted yesterday. What makes it different from other Android malware is that it is more like the construction kits that we see for PC malware. One of the trends we've been seeing with Android malware for some time now is how much it continues to look more like PC malware. This is something we can protect against. It should be noted that this is not something that you would be likely to pick up from Google Play; this type of malware would be distributed on third-party markets.
 
-Dan
Thanks for the tag pick up, Dan...much appreciated.  Always good to have the low down from the professionals...especially the Webroot professionals. :D
 
Cheers
 
 
Baldrick
Userlevel 7
Badge +54
The Dendroid tool has started being used already: Malware designed to take over cameras and record audio enters Google Play
Userlevel 7
Badge +52
Android Malware 'Dendroid' targeting Indian Users
 
The number of malware variants has increased rapidly and today 99 out of 100 mobile viruses are targeting Android Devices. Most of the sophisticated malware has the capability to steal keylogs, send text messages to the premium numbers, steal personal data without requesting permission from the device user, also have the caliber to modify SMS and MMS messages and contacts.

Mobile Malware can modify or steal the content stored on your device's SD card and some advanced botnet malware even can give complete remote control of your device to an attacker.

The Indian Computer Emergency Response Team (CERT-IN) warned about a currently active Dendroid malware campaign that is spreading across India, targeting Android users. "It has been reported that a malicious toolkit called DENDROID is being used to create trojanized applications that infects Android-based Smartphones. The malware is created by modifying the required permissions by any clean APK (Android Application Package) with Dendroid RAT functionality that allows detailed management of the infected devices," the Computer Emergency Response Team of India (CERT-In) said in its latest advisory.

Full Article
