
Researchers from mobile security provider Lookout have detected the Dendroid Remote Access Toolkit (RAT) in rogue APK files (Android application package files) on Google Play, and note that the malicious code is actively targeting Android users in Western nations.

The malicious APKs have the ability to send and intercept SMS text messages, capture video from the device's camera and audio from calls using the microphone, download images stored on the device, monitor browser history and bookmarks, and read saved login credentials for users' accounts.

“Remote access Trojans that let criminals spy on you are a nasty issue, but when you find one in the Google Play store, it sounds off some alarms,” the researchers stated.

The Dendroid toolkit is being offered for sale on black market sites for around $300. The malicious code can be used to automate malware distribution for widespread attack operations, and is apparently supported by a sophisticated criminal enterprise.

“On top of all of these features, the toolkit comes with a business model that is highly reminiscent of Russian custom malware toolkits. The author is selling the toolkit online, demanding payment in currencies like Bitcoin, and provides a warranty promise that the malware will remain undetected,” the researchers explained.

“While this type of complete toolkit based approach is common in the Russian underground, especially with banking Trojans, this type of model is unusual to find in the U.S.”

The RAT is also specifically designed to evade the Play Store security meant to keep malicious code out of the application marketplace, and thus far only one malicious app with the Dendroid code in it has been detected and removed from the Play Store.

“Dendroid features some relatively simple — yet unusual — anti-emulation detection code that helps it evade detection by Bouncer, Google’s anti-malware screening system for the Play Store,” the researchers said.
