Tuesday, March 11, 2014

Dendroid Spying RAT Malware Found on Google Play

A new Android malware toolkit called Dendroid is being offered for sale by its creators, and at least one of the malicious APKs created with it has managed to fool Google Play's Bouncer...
The malicious APKs can purportedly intercept, block, and send out SMSes; record ongoing phone calls; take pictures, record video and audio by using the device's camera and microphone; download pictures the device owner has already made, as well as his or her browser history and bookmarks; and extract saved login credentials and passwords for a variety of accounts.

"Dendroid also comes bundled with a universal 'binder application.' This is a point-and-click tool that a customer can use to inject (or bind) Dendroid into any innocent target application that they choose with minimal effort," the researchers added.
"This means that all a wannabee malware author needs in order to start pumping out infected applications is to choose a carrier app, download it and then let Dendroid’s toolkit take care of the rest."

Sold for $300 (in crypto currencies), the toolkit comes with a warranty that the malware created with it will remain undetected.
The researchers have discovered one app created with Dendroid that managed to get included and offered on Google Play by leveraging anti-emulation detection code that fools Google Play's Bouncer, the automated app scanning service that analyzes apps by running them on Google’s cloud infrastructure and simulating how they will run on an Android device. The app has since been removed from the market. (more)

Why this is important...
It means that any jerk with $300 and some computer skills can turn any other app into your worst nightmare. BTW, it can be detected. q.v. SpyWarn™ — coming soon.