Dendroid – The Android Spyware and Malware Maker

With the surge in concern about mobile device malware in the spotlight, more and more users are growing suspicious of applications being installed on their devices. Preventative measures are being taken, such as only downloading apps from trusted sources, using the native security features on their devices and using mobile antivirus apps. But what happens when the level of sophistication of the malware is increased and fools even trusted sources? Such is the case with at least one application, Dendroid, that made it to Google’s Play Store.

Ex-intern Morgan Culbertson at security firm FireEye created a tool, Dendroid, designed to disguise the code that antivirus and antimalware programs look for when scanning your systems. This tool, a “Remote Administration Tool” or RAT, was marketed to shady characters online as a way to build malicious Android applications that could bypass current detection methods. The applications built with this tool gave control of your device to whoever was on the other end of the RAT. It would allow them to control your camera, microphone, access your data and even record your phone conversations.

Dendroid also allowed for infection of existing applications by use of a “binder”, effectively infecting an otherwise innocent application and your devices.

The list of applications developed using this tool could be extensive, but I have been unable to find anything concrete in relation to which applications may have been infected.

Source Links: Ars Technica | Lookout Security Blog