Menu
New crimeware tool Dendroid makes it easier to create Android malware, researchers warn

New crimeware tool Dendroid makes it easier to create Android malware, researchers warn

The tool can be used to add malicious functionality to legitimate applications, researchers from Symantec said

A new commercial tool designed to allow cybercriminals to easily transform legitimate Android applications into malicious software has hit the underground market, paving the way for cheap and easy development of sophisticated Android malware.

The toolkit is called Dendroid and can be used to create "trojanized" apps -- legitimate applications with malicious code added to them -- that connect back to a command-and-control server over HTTP and allow attackers to perform a variety of malicious actions on devices that have those apps installed.

Dendroid is marketed by its creators as an Android remote administration tool (RAT) and is being sold for US$300, security researchers from Symantec said Wednesday in a blog post. Buyers receive a tool called an "APK Binder" that can be used to add the Dendroid RAT functionality and its required permissions to any clean APK (Android application package) as well as access to a sophisticated PHP-based control panel that allows detailed management of the infected devices.

Dendroid's features include deleting call logs and files; calling phone numbers; opening Web pages; recording calls and audio from the microphone; intercepting text messages; taking and uploading photos and videos; opening applications and launching HTTP flood (denial-of-service) attacks for a period of time specified by the attacker.

Dendroid is not the first Android RAT, but is one of the most sophisticated one seen to date.

"Dendroid is a much improved remote access tool that is definitely aimed for commercial purposes," said Bogdan Botezatu, a senior e-threat analyst at Bitdefender, Thursday via email. "Although it roughly does the same as Androrat [an older Android RAT], it appears to be much more stable and allows cybercriminal groups to better manage the pool of mobile bots."

"Another interesting aspect would be the fact that Dendroid is currently delivered as a service: while the buyer gets the bot builder, the control panel is hosted by the team behind Dendroid on offshore virtual private servers, according to their claims," he said.

According to Botezatu, the commercialization of professionally designed DIY (do-it-yourself) malware toolkits for Android is a significant development and signals a shift in the malware landscape for the platform. Technically speaking, Android malware has pretty much followed in the footsteps of Windows malware, he said.

"On the PC platform, other crimeware toolkits like Zeus (Trojan.Zbot) and SpyEye (Trojan.Spyeye) started off in a similar manner and grew quickly in popularity due to their ease of use and notoriety stemming from the high profile crimes perpetrated as a result of their usage," the Symantec researchers said.

"Cybercrime is all about making easy money with minimum of effort," Botezatu said. "Creating a piece of malware that is stable, tested and does not crash the host device requires a lot of work and skill." Using an affordable DIY builder like Zeus, SpyEye and now Dendroid, is a much more convenient alternative for cybercriminals, he said.

While malware distribution on Android is harder to scale than on Windows, because Google has gotten much better at policing the Google Play store in recent years, there are variety of techniques that attackers can and have used to trick users into installing malicious apps on their devices.

These techniques include distributing malicious apps through third-party app stores that are very popular in certain markets like China or Russia, using Windows malware to inject rogue messages into Web browsing sessions to claim the rogue apps are associated with trusted sites like online banking ones, and even selling phones with trojanized apps pre-installed on them.

A mobile security company called Marble Security recently identified a fake and malicious Netflix app that came pre-installed on multiple Android devices from Samsung Electronics, Motorola Mobility and LG Electronics. The company believes the app might have been installed on the devices somewhere in the supply chain.

Malicious apps are still found from time to time on Google Play, but they're usually quickly removed. In a marketing video posted by the Dendroid authors online they claim that the new RAT contains techniques to bypass detection by Bouncer, Google Play's automated malware scanner, and other anti-virus programs. However, it's not clear how effective those alleged techniques actually are.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags symantecGooglesecuritymobile securityspywaremalwareprivacybitdefenderMarble Security

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments