A new HTTPS RAT for Android-based mobile devices is now for sale on underground marketplaces, researchers said.
The remote administration tool (RAT), called Dendroid, costs $300 and includes an APK binder package that lets attackers lace authentic apps with malicious code and turn them into malware, according to a blog post by Peter Coogan, a Symantec researcher.
One use of the RAT is to turn a well-known legitimate Android app into a Trojan and get it placed on Android marketplaces. The victim then only has to download it for the infection to take hold.
The feature set of Dendroid is robust, the Symantec security researcher said, explaining that, once the victim suffers an infection, an attacker can perform literally any action, including calling phone numbers, recording audio, intercepting texts, opening apps and websites, and even taking and uploading photos.
“This holds the potential for stealing lots of personally identifiable information from the victim and even the victim’s contacts,” the Symantec security researcher said. “It can be used for financial gain by sending text messages or using it to dial premium rate numbers.”
Norton Mobile Security can detect the Dendroid threat, but users can prevent infection altogether by not blindly accepting permissions, the Symantec security researcher said, adding that users should also carefully monitor their service bills for any irregular charges.
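The permission check described above can be made concrete by comparing a marketplace copy's manifest with the genuine app's, because a bound copy has to declare any permission its payload needs that the original lacked. The following is an added example, not code from Symantec or the article; the permission-to-capability mapping and both sample manifests are constructed assumptions, and the manifests are assumed to be already decoded to text XML (for instance with apktool).

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PERMISSION_TAGS = ("uses-permission", "uses-permission-sdk-23")

# Assumption: standard Android permissions matched to the capabilities the
# article lists; this mapping is not derived from an analysis of Dendroid.
SENSITIVE = {
    "android.permission.CALL_PHONE": "calling phone numbers",
    "android.permission.RECORD_AUDIO": "recording audio",
    "android.permission.RECEIVE_SMS": "intercepting texts",
    "android.permission.READ_SMS": "intercepting texts",
    "android.permission.SEND_SMS": "sending text messages",
    "android.permission.CAMERA": "taking photos",
}

def declared_permissions(manifest_xml):
    """Return the set of permission names a decoded AndroidManifest.xml declares."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root if el.tag in PERMISSION_TAGS)
    return {n for n in names if n}

def added_permissions(original_xml, candidate_xml):
    """List (permission, capability) pairs declared only by the candidate.
    capability is None when the permission is outside the SENSITIVE map."""
    extra = declared_permissions(candidate_xml) - declared_permissions(original_xml)
    return [(p, SENSITIVE.get(p)) for p in sorted(extra)]

def _manifest(perms):
    """Build a constructed sample manifest (hypothetical package name)."""
    body = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.notes">{body}</manifest>')

# Constructed inputs: the genuine app, and a copy found on a marketplace.
ORIGINAL = _manifest(["CAMERA", "INTERNET"])
CANDIDATE = _manifest(["CAMERA", "INTERNET", "RECORD_AUDIO", "READ_SMS",
                       "CALL_PHONE", "WAKE_LOCK"])

if __name__ == "__main__":
    for perm, capability in added_permissions(ORIGINAL, CANDIDATE):
        note = f"SENSITIVE ({capability})" if capability else "review manually"
        print(f"{perm}: {note}")
```

A permission the genuine app already holds, such as CAMERA here, does not show up in the difference, so an empty result is not proof that a copy is clean.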
“Google is doing what it can to mitigate these types of threats,” the Symantec security researcher said. “One of the biggest problems we see is that when improvements are implemented, they don’t get rolled out to all users as it is dependent on the individual’s service carrier to push out said updates.”