The creators of the Android malware DroidJack have created a new distribution technique to increase infection rates. The Trojan has been used for spying on users and possesses advanced stealth capabilities. DroidJack is now spreading through over-the-top (OTT) carrier services, which is a serious concern for mobile users worldwide.
The Popularity of DroidJack
DroidJack is a famous remote access trojan (RAT) that has gained popularity since its creation. The malware is advertised as suitable for jealous partners, stalkers, and other related activities. DroidJack is easy for anyone to acquire, as the app can be purchased online.
DroidJack has a rich feature set – the APK file can be customized with various permission policies and encrypted using different algorithms. Once installed, the Trojan can be used for remote access and control of the victim host. Messages, call logs, and contact details can be read, deleted and manipulated by the RAT owner.
The serious privacy implications come when the attacker can take an unlimited number of pictures and record video from the front or back cameras of the infected device. The malicious user can also listen to and record audio from the built-in microphone at will. Real-time GPS tracking, application management, and advanced features that hide the malware installation are all combined in DroidJack.
The Trojan has famously been distributed with counterfeit Pokémon Go APKs on the Internet. Police investigations into criminal use of DroidJack were conducted in countries like the United Kingdom, France, Germany, Belgium and Switzerland.
DroidJack’s New Method of Distribution
The makers of the malware have developed a new method of distribution that uses over-the-top (OTT) carrier services. This includes the most popular messaging apps like Viber, Skype, and Facebook Messenger. The danger is very serious as these services are mature and integrate well with the Android system. These mobile applications and services handle calls and SMS messages by alternative means, over data connections.
A recent DroidJack attack campaign was spotted where the trojan was spread via SMS messages sent through apps like Viber and WhatsApp. These messages contained links to an APK installation file disguised as a new MMS message. Security experts report that there is an increase in spam messages coming from malicious OTT accounts.
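A message filter for the pattern described above (a link to an APK file presented as a new MMS message) could look like the following. This is an added example, not code from the article or from any vendor; the lure keywords, the verdict names and the sample messages are assumptions constructed for illustration, and shortened links are not resolved.

```python
import re
from urllib.parse import urlsplit, unquote

# Hypothetical heuristics: any http(s) URL, and wording that presents the link as an MMS.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
LURE_RE = re.compile(r"\b(mms|multimedia message)\b", re.IGNORECASE)

def apk_links(text):
    """Return URLs in text whose path (not query or fragment) ends in .apk."""
    hits = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;:!?)")          # drop trailing sentence punctuation
        path = unquote(urlsplit(url).path)   # decode %2E and similar before checking
        if path.lower().endswith(".apk"):
            hits.append(url)
    return hits

def classify(text):
    """'block' = APK link plus MMS lure, 'review' = APK link only, 'ok' = neither."""
    links = apk_links(text)
    if not links:
        return "ok"
    return "block" if LURE_RE.search(text) else "review"

# Constructed sample messages (not taken from a real campaign)
SAMPLES = [
    "You have a new MMS message, view it here: http://mms.example.test/view/MMS_0412.APK?id=7",
    "Build for QA is up: https://ci.example.test/artifacts/app-debug.apk.",
    "Lunch at noon? Menu: https://cafe.example.test/menu.pdf",
    "New MMS received: http://example.test/get/msg%2Eapk",
    "Docs: https://example.test/search?q=file.apk",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(f"{classify(msg):6}  {msg}")
```
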
As mobile applications with rich permission sets and advanced features continue to be popular, Trojan kits will continue to be a serious threat.