Symantec has already spotted 23 legitimate apps trojanized with AndroRAT

Jul 17, 2013 13:30 GMT  ·  By

In November 2012, a free Android remote access tool (DAT) dubbed AndroRAT surfaced. Now, experts say cybercrminals have launched a new tool that can be used to repackage the RAT with legitimate applications.

When it’s installed on an Android device, AndroRAT allows an attacker to remotely control the infected device via an easy-to-use control panel. The RAT can be used to monitor and make phone calls, intercept and send SMS messages, get the device’s GPS coordinates, gain control of the camera and microphone, and access files.

The newly released AndroRAT APK binder can be used by cybercriminals to trick device owners into installing the RAT while they believe they’re installing a legitimate application.

Worryingly, Symantec has already identified 23 popular legitimate apps trojanized with AndroRAT.

In addition, malware developers have started incorporating an Android module based on AndroRAT code into an Adwind, a Java RAT that supports multiple operating systems.

AndroRAT, detected by Symantec as Android.Dandro, has been spotted mainly in the United States and Turkey.