It is no surprise that mobile devices are under constant threat of attack, and their security has to be a top priority for network administrators and users alike. One of these attacks could come in the form of a particular type of malware called a remote access tool (RAT), which gives a remote user control of an infected device. Many of these have been written in Java, which is the main reason your IT staff has been making sure Java is turned off in all of your office’s browsers.
A recent official blog post by Symantec Senior Software Engineer Andrea Lelli describes a free RAT for Android that has been making the rounds on hacker sites since late last year. Now, apparently, the first binder tools have emerged that allow illicit programmers to easily repackage legitimate applications with this RAT, known as AndroRAT (Android.Dandro).
AndroRAT allows a hacker to control an infected device directly through a control panel interface that is reportedly quite user friendly. AndroRAT can monitor and make phone calls, send text messages, get the device’s GPS coordinates and use peripheral features such as the camera and microphone. The APK binder, in turn, allows a hacker to turn an otherwise legitimate app into a Trojan horse without needing much skill.
To date, Symantec has logged more than 23 cases where popular legitimate apps have been Trojanized post-market with AndroRAT, and several hundred infections worldwide. It isn’t a pandemic yet, but unchecked it could easily become one.
So, what can you, as a user of an Android device, do to prevent this from happening? The answer is pretty simple — only download apps from an approved source, such as your organization’s app store. Also, you need to have a security app that can detect viruses like Android.Dandro and remove them — or even better, prevent them from being installed.
Actually, those are good practices no matter what operating system your device has. Don’t think hackers aren’t working on RATs for all major operating systems; you can bet they are.