Market of RAT (Remote Access Tools) programs and a longstanding demand of the hackers who organize both individual and corporate attack. These solutions were at one time used to attack the non-governmental organizations, political parties, or simply to capture data from a Web camera. However, until now smartphone users were out of sight of the authors RAT.
However, now the situation is changing. Antivirus company Symantec reported an increase in market RAT for the operating system Android. So, the new code Androrat is a remote administration tool that gives the attacker complete control over the device based on Android.
Androrat first version appeared in November 2012, the same year was published on GitHub source code of this decision. Code is packed in a standard for Android APK-application. After getting a smartphone Androrat installed on the device as a system service starts every time you start the device or operating as “active” application. After Androrat installed, the user does not have to interact with the code – the program operates autonomously.
It is capable of capturing all system logs data contact list, all the SMS-message, capture a photo with the camera, and report incoming and outgoing calls, passing various data to the server operator malware. Also malware can send messages from the application to the screen, send calls and text messages.
Recently, a number of black sites, where trading is done with malware, a version Androrat, equipped with a built-in binder that allows you to connect to Androrat legitimate programs to acquire more legitimate shell to break into the system. In Symantec say they found at least 23 applications for Android with built Androrat. The code has been integrated into including commercial solutions such as Adwind to work on different operating systems.
