14 DAY TRIAL // Security researchers have come across a new remote access Trojan (RAT) specifically designed to target Android devices. The threat is called Dendroid.
According to experts from Symantec, Dendroid, detected by the company’s solutions as Android.Dendoroid, costs $300 (€216), amount which can be paid via virtual currencies such as Bitcoin or Litecoin. The seller, an individual who uses the online moniker “Soccer,” promises 24/7 support for his creation.
Dendroid is an HTTP RAT that comes with an application binder package and a complex PHP administration panel.
The RAT is capable of deleting call logs, opening arbitrary web pages, calling phone numbers, recording calls and audio, taking photos and videos and uploading them to a remote server, opening apps, intercepting text messages, and even initiating denial-of-service (DOS) attacks for a certain period of time.
Back in July 2013, Symantec spotted a variant of the AndroRAT Android RAT that came with an APK binder. APK binders enable cybercriminals to repackage their creations with legitimate Android applications.
Now, experts believe that the author of the binder included in Dendroid has been assisted by the creator of the AndroRAT binder.
“The creation of Dendroid and the positive feedback on underground forums for this type of threat shows that there is a strong cybercriminal marketplace for such tools,” Symantec’s Peter Coogan explained in a blog post.