With concern about mobile device malware surging into the spotlight, more and more users are growing suspicious of the applications installed on their devices. They are taking preventative measures, such as only downloading apps from trusted sources, using the native security features on their devices and using mobile antivirus apps. But what happens when the level of sophistication of the malware is increased and fools even trusted sources? Such is the case with at least one application, Dendroid, that made it to Google’s Play Store.
Morgan Culbertson, an ex-intern at security firm FireEye, created a tool, Dendroid, designed to disguise the code that antivirus and antimalware programs look for when scanning your systems. This tool, a “Remote Administration Tool” or RAT, was marketed to shady characters online as a way to build malicious Android applications that could bypass current detection methods. The applications built with this tool gave control of your device to whoever was on the other end of the RAT. It would allow them to control your camera and microphone, access your data and even record your phone conversations.
Dendroid also allowed existing applications to be infected by use of a “binder”, effectively infecting an otherwise innocent application and your devices.
The list of applications developed using this tool could be extensive, but I have been unable to find anything concrete in relation to which applications may have been infected.
Carl is an Android enthusiast who got his start with an HTC Hero. Quickly tiring of not being able to change certain things about the device, he sought out the means to do what he wanted; enter XDA Developers. After spending immense amounts of time on the forums learning, building and sharing, Carl decided to pursue higher education to increase his understanding and focus on a direction in the mobile world. Primarily focusing on security and privacy, Carl intends to gain his CEH and reverse engineer malware.