RAT doesn't need root access to work properly

Jul 28, 2016 22:25 GMT

The builder for a new type of Android remote access trojan (RAT) has recently leaked on malware discussion forums, and security vendors expect it to start infecting users in the immediate future.

Palo Alto Networks experts claim that this new RAT, nicknamed SpyNote, is similar, feature-wise, to other well-known Android RATs such as OmniRat and DroidJack.

Based on the features they've discovered, Palo Alto says that SpyNote allows attackers to perform a wide range of intrusive actions.

SpyNote has a large feature set

This includes the ability to update itself, download and install new apps, view SMS messages, listen to calls, make calls, retrieve the contact list, and get technical details such as the device's IMEI number, Wi-Fi MAC address, and cell-phone carrier details.

Additionally, the RAT allows crooks to get the phone's last GPS location, listen to or record audio via the device's microphone, or even access the video camera in real time.

All of this is possible without SpyNote having to gain root access on the device, although the app in which the RAT is hidden asks for a large number of permissions, which raises suspicion among attentive users.
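The permission-heavy install is the detection signal described above. As an added example (not from the article or from Palo Alto Networks), the sketch below scores a decoded AndroidManifest.xml by how many of the listed capabilities its requested permissions would cover. The capability-to-permission mapping, the review threshold, and both sample manifests are assumptions constructed for illustration, not SpyNote's actual manifest.

```python
import xml.etree.ElementTree as ET  # for untrusted manifests, prefer defusedxml

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping: capability named in the article -> the standard Android
# permission a non-root app would normally need for it.
CAPABILITY_PERMISSIONS = {
    "view SMS messages": "android.permission.READ_SMS",
    "make calls": "android.permission.CALL_PHONE",
    "retrieve contact list": "android.permission.READ_CONTACTS",
    "read IMEI / carrier details": "android.permission.READ_PHONE_STATE",
    "read Wi-Fi MAC address": "android.permission.ACCESS_WIFI_STATE",
    "get GPS location": "android.permission.ACCESS_FINE_LOCATION",
    "record microphone audio": "android.permission.RECORD_AUDIO",
    "access camera": "android.permission.CAMERA",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    perms = set()
    for el in ET.fromstring(manifest_xml).iter():
        if el.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def triage(manifest_xml, threshold=5):
    """Flag a manifest for review when it covers >= threshold capabilities."""
    perms = requested_permissions(manifest_xml)
    matched = sorted(c for c, p in CAPABILITY_PERMISSIONS.items() if p in perms)
    return {"matched": matched, "score": len(matched),
            "review": len(matched) >= threshold}

def _manifest(package, perms):
    """Build a constructed sample manifest (test data only)."""
    body = "".join('<uses-permission android:name="android.permission.%s"/>' % p
                   for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android"'
            ' package="%s">%s<application/></manifest>' % (package, body))

# Constructed samples: a "flashlight" asking for far more than it needs,
# and a camera app asking only for what its function implies.
SAMPLE_OVERPRIVILEGED = _manifest("com.example.flashlight", [
    "READ_SMS", "READ_CONTACTS", "RECORD_AUDIO", "CAMERA",
    "ACCESS_FINE_LOCATION", "READ_PHONE_STATE", "INTERNET"])
SAMPLE_BENIGN = _manifest("com.example.camera", ["CAMERA", "INTERNET"])

if __name__ == "__main__":
    for sample in (SAMPLE_OVERPRIVILEGED, SAMPLE_BENIGN):
        print(triage(sample))
```

A high score is a reason to review an app, not a verdict: legitimate messaging or backup apps can request a similar set, so weigh the result against what the app claims to do.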

No root access required

Currently at version 2, SpyNote features a builder that will allow crooks to create their own version of the RAT, which will communicate with custom C&C servers configured during the building process.

It is unknown if the RAT will be available as an open tool or as paid-for malware on underground hacking forums. Common sense dictates that its authors would opt for the second option, but with the builder leaked, they might have a hard time monetizing their malware.

Below is a video presentation of SpyNote features, along with an image of the control panel the crooks would use to control infected devices.

SpyNote control panel