Menu
New crimeware tool Dendroid makes it easier to create Android malware, researchers warn

New crimeware tool Dendroid makes it easier to create Android malware, researchers warn

The tool can be used to add malicious functionality to legitimate applications, researchers from Symantec said

A new commercial tool designed to allow cybercriminals to easily transform legitimate Android applications into malicious software has hit the underground market, paving the way for cheap and easy development of sophisticated Android malware.

The toolkit is called Dendroid and can be used to create "trojanized" apps -- legitimate applications with malicious code added to them -- that connect back to a command-and-control server over HTTP and allow attackers to perform a variety of malicious actions on devices that have those apps installed.

Dendroid is marketed by its creators as an Android remote administration tool (RAT) and is being sold for US$300, security researchers from Symantec said Wednesday in a blog post. Buyers receive a tool called an "APK Binder" that can be used to add the Dendroid RAT functionality and its required permissions to any clean APK (Android application package) as well as access to a sophisticated PHP-based control panel that allows detailed management of the infected devices.

Dendroid's features include deleting call logs and files; calling phone numbers; opening Web pages; recording calls and audio from the microphone; intercepting text messages; taking and uploading photos and videos; opening applications and launching HTTP flood (denial-of-service) attacks for a period of time specified by the attacker.

Dendroid is not the first Android RAT, but is one of the most sophisticated one seen to date.

"Dendroid is a much improved remote access tool that is definitely aimed for commercial purposes," said Bogdan Botezatu, a senior e-threat analyst at Bitdefender, Thursday via email. "Although it roughly does the same as Androrat [an older Android RAT], it appears to be much more stable and allows cybercriminal groups to better manage the pool of mobile bots."

"Another interesting aspect would be the fact that Dendroid is currently delivered as a service: while the buyer gets the bot builder, the control panel is hosted by the team behind Dendroid on offshore virtual private servers, according to their claims," he said.

According to Botezatu, the commercialization of professionally designed DIY (do-it-yourself) malware toolkits for Android is a significant development and signals a shift in the malware landscape for the platform. Technically speaking, Android malware has pretty much followed in the footsteps of Windows malware, he said.

"On the PC platform, other crimeware toolkits like Zeus (Trojan.Zbot) and SpyEye (Trojan.Spyeye) started off in a similar manner and grew quickly in popularity due to their ease of use and notoriety stemming from the high profile crimes perpetrated as a result of their usage," the Symantec researchers said.

"Cybercrime is all about making easy money with minimum of effort," Botezatu said. "Creating a piece of malware that is stable, tested and does not crash the host device requires a lot of work and skill." Using an affordable DIY builder like Zeus, SpyEye and now Dendroid, is a much more convenient alternative for cybercriminals, he said.

While malware distribution on Android is harder to scale than on Windows, because Google has gotten much better at policing the Google Play store in recent years, there are variety of techniques that attackers can and have used to trick users into installing malicious apps on their devices.

These techniques include distributing malicious apps through third-party app stores that are very popular in certain markets like China or Russia, using Windows malware to inject rogue messages into Web browsing sessions to claim the rogue apps are associated with trusted sites like online banking ones, and even selling phones with trojanized apps pre-installed on them.

A mobile security company called Marble Security recently identified a fake and malicious Netflix app that came pre-installed on multiple Android devices from Samsung Electronics, Motorola Mobility and LG Electronics. The company believes the app might have been installed on the devices somewhere in the supply chain.

Malicious apps are still found from time to time on Google Play, but they're usually quickly removed. In a marketing video posted by the Dendroid authors online they claim that the new RAT contains techniques to bypass detection by Bouncer, Google Play's automated malware scanner, and other anti-virus programs. However, it's not clear how effective those alleged techniques actually are.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags symantecGooglesecuritymobile securityspywaremalwareprivacybitdefenderMarble Security

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments