Malware targets Japanese market in particular

Jul 2, 2015 14:13 GMT

A commercially available surveillance tool can abuse the Android accessibility features to intercept data from LINE, a voice and text communication app.

LINE is very popular in Japan because it lets users exchange text messages and make voice and video calls for free. It can also be used to share photos and videos.

Android RAT can pilfer plenty of personal data

Researchers from Lookout discovered that a remote access tool commercially available under the name “Android Analyzer” implements functionality for reading content from a different app via the accessibility feature present in the phone.

The product is also known as AndroRATIntern in the security industry, and its code is related to the AndroRAT malware toolkit. The information it can collect includes LINE messages, contact data, call logs, text, media files and the GPS location of the device.

On Android, apps run in a sandboxed environment to prevent third parties from retrieving their content. The accessibility functions allow such access for actions like text-to-speech, but only when the activity is performed by the user.

“In the case of AndroRATIntern, the use of the accessibility service enables the threat to capture LINE messages when they are opened by the victim on an infected device,” Lookout researchers say.

Phone cannot be compromised remotely

On the upside, the surveillance tool cannot be delivered to an Android device seamlessly, as in the case of a drive-by download attack; the threat actor would need physical access to the device to install the malicious tool.

Lookout draws attention to the fact that an Android device infected with AndroRATIntern spills the information not only to the person who installed it but also to the company developing the tool.

There were cases in the past when such firms got popped by hackers and highly sensitive information was dumped online. One example is mSpy, which in May had to handle a breach that exposed the personal data of thousands of users.