AndroRAT Android Malware Attacks Surge

The AndroRAT Android malware has spawned several new attack campaigns that target users worldwide, and it includes some dangerous features.

AndroRAT Android Malware Continues Its Attacks

The old Android malware known as AndroRat has recently surged in activity. Security researchers have uncovered an updated version of it that is actively used by criminals against smart devices worldwide. The original code of this virus was created back in 2012 as a proof-of-concept by a small team of programmers for a university project. It is made up of two parts:

  1. The AndroRat Server, which controls the infected hosts through a graphical user interface on a personal computer.

  2. The AndroRat Client, the actual Android malware which infects smart devices running Google’s mobile operating system.

The security specialists note that it is relatively easy for programmers to construct a potent Trojan based on this code. This is done by taking a legitimate Android APK installation file and adding the AndroRat client code to it. The recompiled file is then distributed to targets using various tactics. These include the following:

  • On the Google Play Store using counterfeit or hijacked signatures, names and developer names.

  • On various third-party repositories that host malicious content.

  • Download sites that serve APK files directly.

  • Email messages and dangerous redirects.

After the AndroRat malware has infiltrated the host device it can easily be controlled via the relevant server interface. Some of the features that it includes are the following:

  • Collect contacts

  • Collect call logs

  • Collect all messages including SMS

  • Record calls

  • Location through GPS

  • Take a picture from the camera

  • Send SMS messages

  • Make outgoing calls

  • Open a URL in the default browser

In addition to an evolved version of the malware, the criminal operators of the new iteration have also created AndroRat Binder. This is an APK builder that adds the client code to any target APK file, and it has an easy-to-use interface. This adds to the danger of the malware, as any beginner criminal can use it to create their own versions and spread them further. All that is needed is the IP address of the listening AndroRat server and a legitimate APK file to be infected.

The security experts have identified that criminals have used the popular game Pokemon Go as a payload to deliver the virus.
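Because the client code is bound into an otherwise legitimate APK, a repackaged build can be triaged by diffing its manifest against the genuine release of the same app. The following is an added example, not part of the original article or of any vendor tool: it assumes both manifests have already been decoded to text XML, the capability-to-permission mapping is our own reading of the feature list above, and the package names, component names and threshold are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NAME = "{http://schemas.android.com/apk/res/android}name"

# Assumed mapping: capability listed in the article -> Android permission it needs.
CAPABILITY_PERMISSIONS = {
    "Collect contacts": "android.permission.READ_CONTACTS",
    "Collect call logs": "android.permission.READ_CALL_LOG",
    "Collect all messages including SMS": "android.permission.READ_SMS",
    "Record calls": "android.permission.RECORD_AUDIO",
    "Location through GPS": "android.permission.ACCESS_FINE_LOCATION",
    "Take a picture from the camera": "android.permission.CAMERA",
    "Send SMS messages": "android.permission.SEND_SMS",
    "Make outgoing calls": "android.permission.CALL_PHONE",
}

def _names(manifest_xml, tags):
    """Return the android:name values of the given elements in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME) for tag in tags for el in root.iter(tag) if el.get(NAME)}

def compare(baseline_xml, suspect_xml):
    """Report what a suspect build requests or declares beyond the genuine build."""
    perm_tags = ("uses-permission", "uses-permission-sdk-23")
    comp_tags = ("service", "receiver")
    new_perms = _names(suspect_xml, perm_tags) - _names(baseline_xml, perm_tags)
    return {
        "capabilities": sorted(c for c, p in CAPABILITY_PERMISSIONS.items() if p in new_perms),
        "components": sorted(_names(suspect_xml, comp_tags) - _names(baseline_xml, comp_tags)),
    }

def is_suspicious(report, min_capabilities=3):
    """Flag builds that gain several surveillance permissions plus a new background component."""
    return len(report["capabilities"]) >= min_capabilities and bool(report["components"])

# Constructed sample manifests (hypothetical app and component names).
_HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.game">'
_PERM = '<uses-permission android:name="android.permission.%s"/>'
_SVC = '<service android:name="%s"/>'
GENUINE = (_HEAD + "".join(_PERM % p for p in ("INTERNET", "ACCESS_FINE_LOCATION", "CAMERA"))
           + "<application>" + _SVC % "com.example.game.SyncService" + "</application></manifest>")
REPACKAGED = (_HEAD + "".join(_PERM % p for p in ("INTERNET", "ACCESS_FINE_LOCATION", "CAMERA",
              "READ_CONTACTS", "READ_SMS", "SEND_SMS", "RECORD_AUDIO"))
              + "<application>" + _SVC % "com.example.game.SyncService"
              + _SVC % "com.example.injected.ClientService" + "</application></manifest>")

if __name__ == "__main__":
    report = compare(GENUINE, REPACKAGED)
    print(report, "suspicious:", is_suspicious(report))
```

Location and camera access are not flagged here because the genuine build already requests them; only the delta against the known-good release is scored.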


Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
