Android Security Faces Huge Malware Threat
During the rise of the technological advancement, it has been evident that work has been made easier, communication became faster as time went buy, and information has been readily accessible to almost everyone with just a few punches on our laptops.
However, nobody really noticed that some people are starting to abuse the advancement of technology against the security. In the words of Andrea Lelli, Symantec Senior Software Engineer, she described the mushrooming of an underground market for malware tools that are based on a remote administration tool that provides an attacker ultimate manipulation over gadgets running on Android operating system. This tool is known as the “Androrat.”
It was in November 2012 when Androrat was published in GitHub. It was simply an open source tool for remote administration of devices from Android. It penetrated the market easily as it was packaged as a standard application for Android. Once installed, it can be remotely activated by a call or an SMS message from a certain phone number, without the user directly interacting with the app.
Once the app gains complete access to the device, it can grab contact details, call logs, and all public and private SMS messages even before the user had even read them. Not only that, it could even monitor a call activity live, take photos in the built-in camera of the gadget, and stream audio input from the phone’s microphone back to the server. And just when you think it couldn’t get any worse, it can also send text messages, make phone calls, and search the Internet with the phone’s browser.
Now we are faced with a greater security threat because hackers have taken hold and used Androrat’s code. Users could download applications that are seemingly harmless, but little do they know that it has actually been bound to Androrat. Once that app is installed not needing any input of user information, It gets to sneak through Android’s security model undetected.
According to Symantec reports, analysts have found over 20 apps that have become Androrat carriers. In fact, it has been incorporated to a malware called Adwind, java-based RAT that can run on different operating systems.
Since Androrat “binder” tools are currently offered in the underground marketplace for malware, the hundred of cases of Androrat malware infection among Android devices will continuously increase and might even expand to different operating systems.