Saboteurs slip Dendroid RAT into Google Play

Google quickly removed the malware, which was disguised as a legitimate parental control app.

A new remote access tool (RAT) that trojanizes Android apps made its way into Google's official app store.

Last Wednesday, Symantec first warned users about Dendroid, a $300 RAT that includes an APK binder package for compromising apps.

By Thursday, different researchers at mobile security firm Lookout revealed that a limited number of Android users had already been tricked into downloading the malware.

Marc Rogers, principal security researcher at San Francisco-based Lookout, wrote in the Thursday post that Dendroid had been slipped into Google Play, though the spurious app was speedily removed. According to an Ars Technica report, the malware was masquerading as a legitimate app called Parental Control, and had been downloaded 10 to 50 times before Google took it down.

Of note, Dendroid is capable of taking over a phone's camera, downloading existing photos, recording calls, audio and video, and sending texts from victims' devices.

While Lookout researchers don't believe Dendroid will become a significant threat, because security firms are on alert for the malware, the toolkit does follow a business model “reminiscent of Russian custom malware toolkits,” Lookout's Rogers noted.

Dendroid's author accepts payment for the malware in Bitcoin and offers a warranty that the RAT will skirt detection once dispatched, he added.

“Dendroid also comes bundled with a universal ‘binder application,’” Rogers wrote. “This is a point-and-click tool that a customer can use to inject (or bind) Dendroid into any innocent target application that they choose with minimal effort. This means that all a wannabe malware author needs in order to start pumping out infected applications is to choose a carrier app, download it and then let Dendroid's toolkit take care of the rest,” he warned.

On Monday, Jeremy Linden, senior security product manager at Lookout, told SCMagazine.com via email that the company “has not detected any further apps using the Dendroid toolkit” since last week, but that the malware could resurface.

“Because it was sold as a set of automated tools for malware writers to use to plug malicious functions into apps, it's very possible that we could see it again,” Linden said.
