Custom malware that makes it possible to remotely control smartphones appeared, infected applications are found on Google Play

Malicious software that allows acts such as launching the installed smartphone's camera secretly or uploading data inside the terminal secretlyDendroid"Was discovered.

Dendroid malware can take over your camera, record audio, and sneak into Google Play | The Official Lookout Blog
https://blog.lookout.com/blog/2014/03/06/dendroid/


Dendroid is a custom RAT (Remote Access Toolkit) targeting Android terminals. RAT is a program that can remotely control the terminal on which it is installed. This Dendroid is slightly different from the old Android custom malware, it is possible to fully control the infected terminal from the control panel, and the "Malware detection system of Google Play"Bouncer"Anti-emulation detection code" and so on to avoid detection of such things are also included.


According to the creator of Dendroid, you can use Dendroid to "take a photo with a smartphone camera" "record a voice such as a call" "make a call" "open a web page" "intercept a text message" "upload the data" In addition, it seems that it is possible to do remote control such as "Open application", "Make a DoS attack for a certain period of time," "Change command and control server", etc.


Dendroid currently sells a person called "Soccer" for $ 300 (31,000 yen) and it seems that payment needs to be done in online currency such as Bitcoin and Litecoin. Please note that payment by PayPal is also possible, as long as the vendor Soccer trusted the identity.


Lookout, which provides a mobile security application, seems to have discovered an application infected with Dendroid on Google Play, but this application has already been deleted. But even with Avast which is also a security companyInfected with DendroidOn Google Play, and it seems that there are already multiple Dendroid infected applications on Google Play.

In Lookout, as a countermeasure for not infecting Dendroid, we cite two things: "Check the application of unknown provider of security" and "Install mobile security application".