By James Green ~ March 13th, 2014 2:26 PM MST
Creating an Android Trojan just got a whole lot easier thanks to commercial crimeware called Dendroid. Dendroid is a Remote Access Toolkit that can be used to turn any Android application into a back-door Trojan. And for only $300, Dendroid is a steal (pun intended).
Sold on the criminal underweb by an individual known only as “Soccer,” this crimeware allows even the most inexperienced cybercriminals to create powerful and dangerous Android Trojans capable of a litany of illicit activities. Dendroid advertises that it is capable of creating Android Trojans that can communicate with remote Command and Control (C&C) servers to receive and execute any of the following activities on an infected device:
- Call a phone number
- Record Phone calls
- Access/Delete Call Logs
- Write and Send SMS messages
- Intercept and Delete SMS messages
- Access/Steal Contact Information
- Obtain a list of installed applications
- Open applications
- Access device Camera
- Take Pictures
- Record Video
- Record Audio
- Upload files to C&C server
- Open URL
- Access/Steal Browser Bookmarks
- Access/Steal/Delete specified files
- Perform DDoS (HTTP Flood) attack
- Change C&C server address
- Update itself
Creating these powerful Trojans is child’s play with Dendroid. Cybercriminals can simply search through the Dendroid database of well-known Android applications and select which APK (Android package file) they wish to trojanize. Then Dendroid does all the hard work for them and packages the malicious code into the selected application.
Using these Trojans, a cybercriminal can very easily create their very own mobile botnet. Once a Dendroid Trojan app has been installed on any device, the cybercriminal can log into the Dendroid software interface and access sensitive information and control a disturbing number of device functions.
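A defender's check for the repackaging described above, as an added example that is not part of the original article: it compares the permissions requested by a known-good build of an app with those of a candidate build and reports additions that would enable capabilities from the list above. The permission-to-capability mapping and both sample manifests are constructed assumptions, not taken from a Dendroid sample.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: permissions an app would need for the advertised capabilities.
# Derived from the Android permission model, not from a Dendroid sample.
CAPABILITY_PERMISSIONS = {
    "android.permission.CALL_PHONE": "call a phone number",
    "android.permission.RECORD_AUDIO": "record audio / phone calls",
    "android.permission.READ_CALL_LOG": "access call logs",
    "android.permission.WRITE_CALL_LOG": "delete call logs",
    "android.permission.SEND_SMS": "write and send SMS",
    "android.permission.RECEIVE_SMS": "intercept SMS",
    "android.permission.READ_SMS": "read SMS",
    "android.permission.READ_CONTACTS": "access contact information",
    "android.permission.CAMERA": "take pictures / record video",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS": "access bookmarks",
}

def requested_permissions(manifest_xml):
    """Return the permission names requested by a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def added_capabilities(original_xml, candidate_xml):
    """Map permissions present only in the candidate build to capabilities."""
    added = requested_permissions(candidate_xml) - requested_permissions(original_xml)
    return {p: CAPABILITY_PERMISSIONS[p] for p in sorted(added) if p in CAPABILITY_PERMISSIONS}

# Constructed sample manifests (text form, as produced by an APK decoder).
ORIGINAL = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

CANDIDATE = ORIGINAL.replace("</manifest>", """
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>""")

if __name__ == "__main__":
    for perm, capability in added_capabilities(ORIGINAL, CANDIDATE).items():
        print(f"ADDED {perm}: enables '{capability}'")
```

A permission the legitimate app already requests (CAMERA in the sample) is not reported, so this check only catches capabilities the repackaged build had to add.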
One must admit, for crimeware Dendroid has a polished and professional user interface, and the software itself is alarmingly robust. Dendroid is careful to include code that is designed to evade security measures employed by Android application markets, including Google Play’s security system called Google Bouncer. Before applications are published on Google Play they are run on a virtual device known as an emulator to log activity and flag any malicious behavior. To evade such security measures Dendroid Trojans detect when they are being run on an emulator and will not execute any malicious code to avoid being flagged during review. This ability to publish Trojans on nearly all Android application markets makes this malware exceedingly dangerous.
Dendroid appears to have links to similar malware developed in Russia where this type of threat is more commonly seen. Armor for Android views this as evidence that more and more sophisticated malware developers are turning away from traditional desktop malware to target mobile devices (most commonly Android). Mobile malware is a growing threat and it is expected to rival desktop malware in numbers and complexity very soon.
Protecting your Android device and the sensitive information on it is important. Keep these tips in mind when using your Android device to avoid falling victim to Android malware.
- Install and use an Android antivirus application to detect and prevent a malware infection.
- Always stay up to date with application, operating system, and antivirus updates. Updates often include patches to newly discovered security vulnerabilities and keep the device protected against the latest threats.
- Read user reviews and research applications before installing. Review application developers’ websites and social media accounts to establish if the developer is trustworthy.
- Trust your instincts. Don’t download anything that seems too good to be true. ♦
James Green is a mobile security researcher who has worked in the Android security field for several years providing privacy and security advice to Android users. Email: James@ArmorforAndroid.com; Twitter: @James_AfA