Saboteurs slip Dendroid RAT into Google Play

Google quickly removed the malware, which was disguised as a legitimate parental control app.

A new remote access tool (RAT) that trojanizes Android apps made its way into Google's official app store.

Last Wednesday, Symantec first warned users about the $300 RAT called Dendroid that contained an application APK binder package for compromising apps.  

By Thursday, different researchers at mobile security firm Lookout revealed that a limited number of Android users had already been tricked into downloading the malware.

Marc Rogers, principal security researcher at San Francisco-based Lookout, wrote in the Thursday post that Dendroid had been slipped into Google Play, though the spurious app was speedily removed. According to an Ars Technica report, the malware was masquerading as a legitimate app called Parental Control, and had been downloaded 10 to 50 times before Google took it down.

Of note, Dendroid is capable of taking over a phone's camera, downloading existing photos, recording calls, audio and video, and sending texts from victims' devices.

While Lookout researchers don't believe Dendroid will become a significant threat due to security firms being on alert for the malware, the toolkit does endorse a business model “reminiscent of Russian custom malware toolkits,” Lookout's Rogers noted.

Dendroid's author accepts payment for the malware in Bitcoin and offers a warranty that the RAT will skirt detection once dispatched, he added.

“Dendroid also comes bundled with a universal ‘binder application,’” Rogers wrote. “This is a point-and-click tool that a customer can use to inject (or bind) Dendroid into any innocent target application that they choose with minimal effort. This means that all a wannabe malware author needs in order to start pumping out infected applications is to choose a carrier app, download it and then let Dendroid's toolkit take care of the rest,” he warned.

On Monday, Jeremy Linden, senior security product manager at Lookout, told SCMagazine.com via email that the company “has not detected any further apps using the Dendroid toolkit” since last week, but that the malware could resurface.

“Because it was sold as a set of automated tools for malware writers to use to plug malicious functions into apps, it's very possible that we could see it again,” Linden said.
