Have you ever heard of AndroRAT?
It is open-source mobile malware that allows a hacker to remotely attack and control your Android device. This remote access tool (RAT) was created back in 2012, but, much like an ordinary virus, a new strain of AndroRAT was recently discovered.
You can think of it as a major upgrade over its predecessor, since it comes with extensive capabilities to spy and steal data. That is more than enough reason to be extra careful about the apps you download.
What is AndroRAT?
This open-source malware was first created as a proof of concept, but it has evolved over the years into a tool with more malicious intent.
With its user-friendly control panel, hackers can remotely attack a device in several ways:
- Make phone calls
- Send SMS messages
- Acquire a device’s GPS coordinates
- Access files stored on a handset
- Activate and use the camera and microphone
What makes AndroRAT special is that it can also target Mac OS and Windows platforms. The RAT communicates with the command and control server set up by the attacker, which is then used to make it perform various commands.
On the latest AndroRAT
The latest strain of AndroRAT can gain advanced privileges on an Android device. If your device has the unpatched remote execution vulnerability CVE-2015-1805, a hacker can easily inject root exploits and then take advantage of critical vulnerabilities on your Android device.
Trend Micro researchers say the new strain is disguised as an app called TrashCleaner and distributed via a malicious URL. It is clear that the sources are third-party download sites or phishing attacks.
Bharat Mistry, principal security strategist at Trend Micro, told ZDNet, “There is a good chance the URL could have been delivered through an ‘in-app’ advertisement in another app such as a popular game.”
Newer Android devices can be patched to make them less vulnerable to attacks. But older devices are not so lucky since they lack Google’s support, leaving them vulnerable to attacks.
How does it work?
Once the TrashCleaner app is downloaded and installed, the Android device is prompted to install a calculator app with the same logo as a standard Android calculator but with a Chinese label.
The TrashCleaner icon is then removed from the infected device’s UI while the RAT is activated in the background. Because the added app suddenly disappears, most users don’t suspect that anything is wrong.
Once the RAT is activated, the hacker can:
- Record audio
- Monitor communications
- Take photos
- Steal Wi-Fi names
- Steal browser history from pre-installed browsers
- Upload additional files
- Abuse accessibility service for keylogging and executing shell commands
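The two traits described above, a launcher icon that disappears and an enabled accessibility service, can be checked together on a device under review. The following is an added example, not code from Trend Micro or from the original article; it assumes the three text inputs were collected with the adb commands named in the comments, and every package name in the sample data is constructed.

```python
import re

# Constructed sample output. Assumed collection commands:
#   adb shell pm list packages -3
#   adb shell settings get secure enabled_accessibility_services
#   adb shell cmd package query-activities --brief \
#       -a android.intent.action.MAIN -c android.intent.category.LAUNCHER
THIRD_PARTY = """\
package:com.example.game
package:com.example.screenreader
package:com.example.calc
"""
ACCESSIBILITY = "com.example.screenreader/.ReaderService:com.example.calc/.core.Svc"
LAUNCHER = """\
priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=false
  com.example.game/.MainActivity
priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=false
  com.example.screenreader/.Home
"""
COMPONENT = re.compile(r"^\s*([A-Za-z0-9_.]+)/\S+\s*$")  # "pkg/ActivityClass"

def third_party_packages(text):
    """User-installed packages from 'package:<name>' lines."""
    return {l.split(":", 1)[1].strip()
            for l in text.splitlines() if l.startswith("package:")}

def accessibility_packages(text):
    """Packages owning an enabled accessibility service ('null' means none)."""
    text = text.strip()
    if not text or text == "null":
        return set()
    return {c.split("/", 1)[0] for c in text.split(":") if "/" in c}

def launcher_packages(text):
    """Packages that expose at least one launcher (home screen) activity."""
    return {m.group(1) for l in text.splitlines() if (m := COMPONENT.match(l))}

def triage(third_party, accessibility, launcher):
    """Map each user-installed package to the suspicious traits it shows."""
    a11y, visible = accessibility_packages(accessibility), launcher_packages(launcher)
    findings = {}
    for pkg in sorted(third_party_packages(third_party)):
        reasons = [] if pkg in visible else ["no launcher icon"]
        if pkg in a11y:
            reasons.append("accessibility service enabled")
        if reasons:
            findings[pkg] = reasons
    return findings

def high_risk(findings):
    """Packages showing both traits; a lead for manual review, not a verdict."""
    return [pkg for pkg, reasons in findings.items() if len(reasons) == 2]

if __name__ == "__main__":
    print(high_risk(triage(THIRD_PARTY, ACCESSIBILITY, LAUNCHER)))
```

Legitimate apps such as keyboards or widgets can also lack a launcher icon, so a hit here means the package deserves a closer look rather than proving an infection.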
How do you prevent AndroRAT infection?
Avoid sources through which AndroRAT may be distributed:
- Chat software
- Email attachments
- Fake updates of software already installed on your device
- Free downloadable games
- IRC channels
- Legitimate websites infected with Trojans
- Malicious websites designed specifically to inject Trojans
- Malicious video players and codecs
- Social media links pointing to infected files or websites
The list is not exhaustive, so be careful when downloading apps from any source. Make sure to install anti-virus apps for Android as well.