In a previous blog, we talked about the rise of remote access tools (RAT) written in Java that are capable of running on multiple operating systems. With the growing popularity of the Android operating system, it comes as no surprise that the Android OS is the latest target and is not immune to RATs. Since late last year, underground forums have been offering a free Android RAT known as AndroRAT (Android.Dandro). Now, unsurprisingly, the underground economy that caters to the needs of cybercriminals has created the first tools (called “binders”) that easily allow users to repackage and Trojanize legitimate Android applications with AndroRAT.

Figure 1. A “binder” tool being sold on underground forums advertised as the first binder ever

Back in November 2012, an open source RAT for Android named AndroRAT was published and made accessible to everyone on the Internet. Like other RATs, it allows a remote attacker to control the infected device using a user-friendly control panel. For example, when running on a device, AndroRAT can monitor and make phone calls and SMS messages, get the device’s GPS coordinates, activate and use the camera and microphone, and access files stored on the device. The RAT comes in the form of an APK, which is the standard application format for Android. When used in conjunction with the AndroRAT APK binder, it easily allows an attacker with limited expertise to automate the process of infecting any legitimate Android application with AndroRAT, thus Trojanizing the app. When the Trojanized version of the legitimate app is installed on the device, the user unsuspectingly installs AndroRAT alongside the legitimate app they intended to install.