Friday, July 19, 2013

Android Remote Access Trojan for Sale, Cheap!

Computer viruses replicate indiscriminately, spreading their infection at every opportunity. A Remote-Access Trojan, or RAT, is a targeted tool, and that makes it quite a different story. When a PC has a RAT running, the RAT's owner can download files, run programs, spy using your webcam... the RAT gives total control. RATs exist for Android too, and for just $37 you can easily create a Trojan that will install your very own Android RAT. Scary? You bet!

Open-Source Origins
RAT can also stand for the safer-sounding phrase "Remote Administration Tool." That's the phrase used to describe the open-source tool Androrat, which provides the actual remote control and monitoring. Written by a team of four French university students, the tool consists of two parts: a client written in Java for Android and a server written in Java/Swing.

Looking at the project's home page you'll find a laundry list of actions that the remote controller can trigger on the Android device. The list includes, but isn't limited to: get all contacts, call logs, and messages; get the device's location by GPS or network; monitor phone calls and texts in real time; stream sound from the microphone; and send a text.

The client runs as a service that starts during the boot process. That means it can run without the phone owner's knowledge. Of course the RAT-herder won't be managing it all the time, but a simple text can engage the phone's connection to the server.

Send in the Trojans
Androrat is a free, open-source project that anybody can download and use. With full access to someone's phone, you could just install it manually. What you get for your $37 is the Androrat APK Binder. Using this simple tool, you can take the APK file for any Android app and inject Androrat's code into it. Of course you'll have to somehow convince your victim to run the Trojanized app.

The Binder's author strongly advises that you start by learning how to use Androrat. He points out that he is not the creator of Androrat and does not offer Androrat support. And he doesn't offer refunds. Still, for $37 even someone with only minimal skillz can create an effective Trojan that will install Androrat.
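Because a bound app has to request permissions for whatever the injected code does, comparing the manifest of a suspect copy against the known-good original is a quick triage check. The following is an added example, not code from Androrat, the Binder, or Symantec. It assumes both manifests are already decoded to text XML (for instance with apktool), and the permission-to-capability mapping is an assumption derived from the feature list above, not taken from Androrat's own manifest.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Assumption: standard Android permissions that the capabilities listed in
# the article would need. Not copied from Androrat's manifest.
CAPABILITY_PERMISSIONS = {
    "READ_CONTACTS": "read contacts",
    "READ_CALL_LOG": "read call logs",
    "READ_SMS": "read stored messages",
    "RECEIVE_SMS": "monitor incoming texts",
    "SEND_SMS": "send a text",
    "ACCESS_FINE_LOCATION": "location by GPS",
    "ACCESS_COARSE_LOCATION": "location by network",
    "READ_PHONE_STATE": "monitor phone calls",
    "RECORD_AUDIO": "stream microphone audio",
    "RECEIVE_BOOT_COMPLETED": "start at boot",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name", "") for el in root.iter("uses-permission")}

def added_capabilities(original_xml, suspect_xml):
    """Map each surveillance-relevant permission the suspect copy adds to its use."""
    added = requested_permissions(suspect_xml) - requested_permissions(original_xml)
    findings = {}
    for perm in sorted(added):
        short = perm[len(PREFIX):] if perm.startswith(PREFIX) else perm
        if short in CAPABILITY_PERMISSIONS:
            findings[perm] = CAPABILITY_PERMISSIONS[short]
    return findings

def _manifest(perms):
    # Constructed sample manifest; the package name is hypothetical.
    uses = "".join('<uses-permission android:name="%s%s"/>' % (PREFIX, p) for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="com.example.flashlight">%s<application/></manifest>' % uses)

ORIGINAL = _manifest(["CAMERA", "INTERNET"])
SUSPECT = _manifest(["CAMERA", "INTERNET", "READ_CONTACTS", "RECORD_AUDIO",
                     "RECEIVE_BOOT_COMPLETED", "VIBRATE"])

if __name__ == "__main__":
    for perm, why in added_capabilities(ORIGINAL, SUSPECT).items():
        print(perm, "->", why)
```

An empty result does not clear an app: a host app that already holds these permissions gives injected code the same access without any manifest change.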

No Surge Yet
A recent blog post by Symantec Researcher Andrea Lelli details the process of creating and using your Android RAT. You manage the remote installation via a graphical user interface with a menu that includes "Get Android data," "Send command," and "Monitoring." According to the post, the Androrat APK Binder "easily allows an attacker with limited expertise to automate the process of infecting any legitimate Android application with Androrat."

So, how worried should you be? Symantec's telemetry tracks infections worldwide, and the number of apps they've seen Trojanized with Androrat is... 23. That's not very impressive. In addition, the Trojanized app won't pass a digital signature check, as it doesn't use the recent "master key" technique or the related hidden Trojan technique reported on the Chinese blog Android Security Squad. It would never make it into the Google Play store, so if you avoid apps from non-official sources you should be safe.

Symantec's Lelli does point out that remote access tools like this are still evolving. "While AndroRAT is not showing a particularly high level of sophistication just yet," said Lelli, "with the open source nature of its code and with its popularity growing, it has potential to evolve and grow into a more serious threat."

To be really sure you don't fall victim to an Android Trojan, Lelli recommends installing security software on your Android device. PCMag's Editors' Choice for mobile security is Bitdefender Mobile Security and Antivirus. No budget for phone security? avast! Mobile Security & Antivirus is our Editors' Choice for free mobile security.

Source: http://securitywatch.pcmag.com/hacking/313775-android-remote-access-trojan-for-sale-cheap
