How To Stay Safe From Android Viruses:
- Make sure the Android system setting ‘Unknown sources’ is unchecked to prevent dropped or drive-by-download app installs
- Download a mobile security app like Lookout’s app that protects against malware as a first line of defense
Check out the full advertisement for the malware toolkit below:
This week, researchers found Dendroid, a custom “Remote Access Toolkit” (RAT) for Android targeting customers from Western countries, and yes, it breached Google Play. A RAT is a type of malware that is used to remotely control the devices it is installed on. The toolkit is being sold for $300 to anyone who wants to automate the malware distribution process. The creator promises that the malware can take pictures using the phone’s camera, record audio and video, download existing pictures, record calls, send texts, and more.
All Lookout users are protected from this threat.
On top of all of these features, the toolkit comes with a business model that is highly reminiscent of Russian custom malware toolkits. The author is selling the toolkit online, demanding payment in currencies like Bitcoin, and provides a warranty promise that the malware will remain undetected. Want to evade detection and get into Google Play? This toolkit will help you do just that. While this type of complete toolkit-based approach is common in the Russian underground, especially with banking trojans, this type of model is unusual to find in the U.S.
What’s more, it looks as if Dendroid was designed with evading Play Store security in mind. Among its numerous features, Dendroid includes some relatively simple, yet unusual, anti-emulation detection code that helps it evade detection by Bouncer, Google’s anti-malware screening system for the Play Store. Malware-detecting programs like Bouncer use “emulation” to log and understand the behavior of software, so that they can look for risky behavior, remember it, and block it in the future. However, by using “anti-emulation” code, malware writers can attempt to hide by not executing any malicious code that might alert the detection system.
As Dendroid is a new threat, detections are very low right now. We only detected a single application infected with Dendroid and it has already been removed from the Play Store; however, the developer’s account is still open.
This toolkit is different from the majority of custom Android malware solutions in other ways as well. Most of these solutions typically just offer a few pieces of code for the wannabe malware author to insert into an innocent target application. More sophisticated features, such as command and control of infected devices, are then left up to the operator to implement. Dendroid, on the other hand, offers a full command and control infrastructure with a control panel every bit as feature-rich as some of the more sophisticated Russian botnets.
Available for $300 in cryptocurrencies such as Bitcoin or Litecoin (and PayPal if the seller trusts you), Dendroid offers its customers a list of advanced spyware features and complete command and control, backed up by its promise of a lifetime warranty.