For about $40, "binder" tool weaponizes Android apps for you

Share this article:
Android app lies to users that their device is infected by viruses, asks for money
Android app lies to users that their device is infected by viruses, asks for money

A tool that "trojanizes" legitimate Android apps may be a dream come true for criminals with ill intent but little skill or patience to craft their own malicious code.

According to researchers at Symantec, for just $37, saboteurs can buy the AndroRAT APK Binder, currently being sold on underground forums. Andrea Lelli, a Symantec researcher, wrote in a Tuesday blog post that binders are the “first tools that easily allow users to repackage and trojanize legitimate Android applications with AndroRAT,” a remote access trojan (RAT) for Android devices that was made freely available online last November by online crooks.

With the binder tool in tow, saboteurs can readily turn popular games or other applications, like calendars or newsfeeds, into weaponized apps that infect devices with AndroRAT – which can make calls and send text messages, operate the microphone and camera, and access victims' GPS coordinates and other data stored on the device.

In a Wednesday interview, Vikram Thakur, principal security response manager at Symantec, told SCMagazine.com that the Android binder has an easily accessible control panel.

“The binder will ask you for a clean application, and ask where you want to set up your command-and-control server,” Thakur said. “Someone who doesn't need to know anything about code can do this for about 40 bucks. Eventually, you are going to have to distribute that trojanized application yourself, but it will give you the code. It just spits out the package for the application."

So far, fewer than 1,000 devices worldwide have been infected with AndroidRAT, also known as Dandro, with the majority of cases in the United States and Turkey.

Symantec researchers have tracked a rise in infection numbers recently, however, and expect incidents to increase as fraudsters continue to develop tools, like binders, to spread Android remote access trojans.

About 23 popular apps have been infected with AndroRAT, Symantec found, though none have been detected in the official Google Play store.

Thakur added that one red flag among the apps infected with AndroRAT is that they are usually available for free in third-party stores, while the clean versions of the apps required payment.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, ...

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Data on 97K Bugzilla users posted online for about three months

During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.

Chinese national had access to data on 5M Arizona drivers, possible breach ...

Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.