HijackRAT Provides Hackers with an Impenetrable Mobile Malware Suite

This week researchers at the Internet security firm FireEye took to their blog to announce the discovery of a new mobile malware variant called HijackRAT, which is actually a suite of several different pieces of software that can take care of everything a hacker might need all from a single source.

Photo: Google

Photo: Google

Everything from tasks as simple as threat spoofing to something as complex as remote access execution can easily be achieved by HijackRAT, as well as several other features designed to keep the infected application updated to stay one step ahead of the fuzz as often as possible.

HijackRAT is just one of several “all-in-one” mobile malware multi-tools that have been plaguing Android as of late, taking up the shelves with other equally devious kits like the iBanking trojan, which was capable of not only tracking all of a user’s banking activity and sending the gathered information back to a covert command server, but also completely hijacking the OS from the ground up to control what an unsuspecting user saw on their screen, the messages they received, and the updates that fed through their locally installed Facebook app.

It’s due to threats like these that Android users should be especially on guard, because once the infection takes hold it’s essentially a free lunch for any other attackers who might need a device to set up shop on and want to keep their movements as under-the-radar as their code will allow.

The banking trojan would be scary enough on its own without all the frills to back it up, and now researchers have warned that with the inclusion of many of the same attack vectors first found with iBanking, HijackRAT could signal the beginning of a terrifying trend which could put the whole of the Android user base on their heels if customers aren’t careful.

“The package name of this new RAT malware is ‘com.ll’ and appears as Google Service Framework with the default Android icon,” read the report.

“So far, the VirusTotal score of the sample is only five positive detections out of 54 AV vendors. Such new malware is published quickly partly because the command-and-control (C&C) server, which the hacker uses, changes so rapidly.”

By giving remote control of the infected device to hackers, the dutifully-equipped malware application can:

  • steal and send SMS messages
  • track and target internal contacts
  • initiate malicious app updates
  • scan for legitimate banking apps installed on the victim’s mobile phone and replace them with fakes utilities
  • attempt to disable any mobile security software or antivirus solution that might be installed on a compromised Android device

One of these on their own would be enough to send any self-respecting mobile owner running from the hills, and combined they represent a whole new breed of threat to the Android ecosystem which could be its eventual undoing if Google doesn’t step up to address the issue soon.

A spokesperson for the Android team has already responded to concerns over the new trojan, claiming that users shouldn’t worry for their safety as long as the Bouncer application is working in overtime on their behalf.