For the uninitiated, RATs, short for “remote access trojans”, are pieces of code that give an attacker remote control over a device, including access to its webcam and microphone, without the owner becoming aware that their phone, laptop, or tablet has been compromised.
Chief security researcher for Lookout Mobile Marc Rogers was the first to spot the infected application, cleverly disguised under the name Parental Control.
Built with a brand new malware-building toolkit known as “Dendroid”, the app’s spying capability was not the only feature that raised eyebrows at the mobile security firm. Dendroid reportedly ships with a bevy of tools that let its operators intercept, send, or block text messages, download browser histories and stored pictures, and even bind malicious code to otherwise harmless apps so that the payload sits dormant inside them.
Perhaps most frightening is its ability to slip past Bouncer, the automated scanning system that is Google’s answer to the thousands of malware-laced apps submitted to the Google Play store every week.
“This toolkit is different from the majority of custom Android malware solutions in other ways as well. Most of these solutions typically just offer a few pieces of code for the wannabe malware author to insert into an innocent target application. More sophisticated features, such as command and control of infected devices, are then left up to the operator to implement. Dendroid, on the other hand, offers a full command and control infrastructure with a control panel every bit as feature-rich as some of the more sophisticated Russian botnets.”
Google estimates that the Dendroid-infected app was downloaded only about 50 times before its engineers were alerted to the threat and it was swiftly taken down.
That said, Google is clearly concerned about Dendroid’s ability to fool its automated emulation system into rating an app as innocent when it carries a payload as dastardly as the one found in Parental Control, and has warned users to be careful about what they download from the Store and never to trust an app at face value.