For about $40, "binder" tool weaponizes Android apps for you


A tool that "trojanizes" legitimate Android apps may be a dream come true for criminals with ill intent but little skill or patience to craft their own malicious code.

According to researchers at Symantec, for just $37, saboteurs can buy the AndroRAT APK Binder, currently being sold on underground forums. Andrea Lelli, a Symantec researcher, wrote in a Tuesday blog post that binders are the “first tools that easily allow users to repackage and trojanize legitimate Android applications with AndroRAT,” a remote access trojan (RAT) for Android devices that was made freely available online last November by online crooks.

With the binder tool in tow, saboteurs can readily turn popular games or other applications, like calendars or newsfeeds, into weaponized apps that infect devices with AndroRAT – which can make calls and send text messages, operate the microphone and camera, and access victims' GPS coordinates and other data stored on the device.

In a Wednesday interview, Vikram Thakur, principal security response manager at Symantec, told SCMagazine.com that the Android binder has an easily accessible control panel.

“The binder will ask you for a clean application, and ask where you want to set up your command-and-control server,” Thakur said. “Someone who doesn't need to know anything about code can do this for about 40 bucks. Eventually, you are going to have to distribute that trojanized application yourself, but it will give you the code. It just spits out the package for the application.”

So far, fewer than 1,000 devices worldwide have been infected with AndroRAT, also known as Dandro, with the majority of cases in the United States and Turkey.

Symantec researchers have tracked a rise in infection numbers recently, however, and expect incidents to increase as fraudsters continue to develop tools, like binders, to spread Android remote access trojans.

About 23 popular apps have been infected with AndroRAT, Symantec found, though none have been detected in the official Google Play store.

Thakur added that one red flag among the apps infected with AndroRAT is that they are usually available for free in third-party stores, while the clean versions of the apps require payment.
