Remote access toolkits (RATs) for Android are nothing new, but until now they’ve mostly targeted the Asia region.
Now researchers at mobile security specialist Lookout have uncovered Dendroid, a custom RAT aimed at users in western countries. Dendroid’s author is selling the toolkit online with payment in virtual currencies like Bitcoin and even offers a warranty promise that it will remain undetected.
Writing on the Lookout blog, Marc Rogers, Principal Security Researcher at Lookout, says, “The toolkit is being sold for $300 to anyone who wants to automate the malware distribution process. The creator promises that the malware can take pictures using the phone’s camera, record audio and video, download existing pictures, record calls, send texts, and more”.
More worrying still is that Dendroid is designed to evade detection by Bouncer, the malware protection system used by Google on the Play Store. It uses an anti-emulation system to avoid executing any bad code that might trigger the detection system.
Amongst an impressive list of features, Dendroid can spy on the user by taking photos or making video and audio recordings, intercept and block SMS messages, download browsing history and saved bookmarks, send texts as the device owner, and record outgoing calls.
Rogers concludes, “Thanks to the quick identification and detection of Dendroid by security companies we don’t anticipate Dendroid becoming a major threat. However, it does represent a step change upwards in the complexity of all-in-one malware toolkits for Android. Toolkits of this sophistication changed the PC landscape significantly as it lowered the barrier for entry and enabled relatively unskilled malware operators to control substantial botnets with a level of control they would never have been able to reach on their own”.
Android users are advised to stay safe by installing a mobile security app and by ensuring that the Unknown Sources system setting is turned off in order to prevent drive-by installs.