RAT malware is attacking Android

Posted: July 19, 2013 in IT Security News
Tags: , , , ,

Symantec CorpMarket of RAT (Remote Access Tools) programs and a longstanding demand of the hackers who organize both individual and corporate attack. These solutions were at one time used to attack the non-governmental organizations, political parties, or simply to capture data from a Web camera. However, until now smartphone users were out of sight of the authors RAT.

However, now the situation is changing. Antivirus company Symantec reported an increase in market RAT for the operating system Android. So, the new code Androrat is a remote administration tool that gives the attacker complete control over the device based on Android.

Androrat first version appeared in November 2012, the same year was published on GitHub source code of this decision. Code is packed in a standard for Android APK-application. After getting a smartphone Androrat installed on the device as a system service starts every time you start the device or operating as “active” application. After Androrat installed, the user does not have to interact with the code – the program operates autonomously.

It is capable of capturing all system logs data contact list, all the SMS-message, capture a photo with the camera, and report incoming and outgoing calls, passing various data to the server operator malware. Also malware can send messages from the application to the screen, send calls and text messages.

Recently, a number of black sites, where trading is done with malware, a version Androrat, equipped with a built-in binder that allows you to connect to Androrat legitimate programs to acquire more legitimate shell to break into the system. In Symantec say they found at least 23 applications for Android with built Androrat. The code has been integrated into including commercial solutions such as Adwind to work on different operating systems.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s