Menu > Articles de la revue de presse : - l'ensemble [tous | francophone] - par mots clé [tous] - par site [tous] - le tagwall [voir] - Top bi-hebdo de la revue de presse [Voir]

---

S'abonner au fil RSS global de la revue de presse

---

Présentation : See how Android.Sandorat, a multi-featured mobile crimeware tool, began life as a legitimate Android app. Twitter Card Style summary Small-scale mobile app software entrepreneurship has been described as the cottage industry of the 21st century. It allows talented software developers to apply their skills to create new and innovative mobile apps, with the hope of becoming the next big thing and, perhaps, even attaining the trappings of wealth associated with success. However, with over 1 million apps available for download on the Google Play Store, for every success story there are countless apps that fail to deliver. While I was researching a new Android remote administration tool RAT known as DroidJack detected by Symantec as Android.Sandorat , it soon became apparent that its authors had actually started off as Android app developers. In their own words, they were budding entrepreneurs trying to develop and apply skills that we have gained. With limited success of their legitimate app on the Google Play Store, they soon turned their skills to creating and selling an Android crimeware tool, known as SandroRAT, on a hacker forum. In August 2014, this same tool was reported in the media to have been used in cybercriminal activity targeting Polish banking users through a phishing email. This tool has since evolved into DroidJack RAT and is now being openly sold on its own website at a cost of US 210 for a lifetime package. Fig1DJ.png Figure 1. DroidJack website logo Evolution On April 26, 2013, the Sandroid RAT was released on the Google Play Store. The authors described the app as being a free tool that lets users control their PC without advertisements. Fig2_0.png Figure 2. DroidJack website logo On December 29, 2013, there was an announcement on a hacker forum of a new project called SandroRAT. The forum poster linked the project back to the Sandroid app available on the Google Play Store, referring to SandroRAT as being a kind of vice-versa to the Sandroid app, while also commenting on how it remains hidden on the phone. Fig3.png Figure 3. SandroRAT control panel On June 27, 2014, there was an announcement from the same poster on the same hacker forum of a next-generation Android RAT, known as DroidJack. Fig4.png Figure 4. DroidJack control panel Capabilities DroidJack has similar features to other Android RATs, such as AndroRAT and Dendroid. Some of the more than 50 features on offer include the following No root access required Bind the DroidJack server APK with any other game or app Install any APK and update server Copy files from device to computer View all messages on the device Listen to call conversations made on the device List all the contacts on the device Listen live or record audio from the device's microphone Gain control of the camera on the device Get IMEI number, Wi-Fi MAC address, and cellphone carrier details Get the device s last GPS location check in and show it in Google Maps Fig5.png Figure 5. Screenshot from DroidJack marketing video, which shows GPS pinpointer location feature using Google Maps Legality Law enforcement is getting more aggressive in its stance against the creation and use of RATs. In May 2014, the FBI, Europol, and several other law enforcement agencies arrested dozens of individuals suspected of cybercriminal activity centered on Blackshades detected as W32.Shadesrat , a RAT for personal computers that was sold on a dedicated website. Moreover, the recent arrest and indictment of a man in Los Angeles for allegedly conspiring to advertise and sell StealthGenie Android.Stealthgenie , a mobile application similar to DroidJack, shows that law enforcement is continuing its campaign against any technology designed to invade an individual s privacy. In an attempt to distance themselves from any responsibility for illegal activity, the authors of DroidJack have included a disclaimer in their marketing material. Similar disclaimers have been used in the past by other malware authors, such as the Mariposa botnet author, who unsuccessfully claimed on his website that the software was only for educational purposes. Whether the authors of DroidJack truly believe that this disclaimer absolves them of any responsibility is irrelevant, as naivete is not a defense in law. Fig6.png Figure 6. Disclaimer used in DroidJack marketing Attribution If the author or authors of DroidJack meant to cover up their tracks, they have not done a good job. Some simple investigations lead back to the names and telephone numbers of several individuals initially involved in the creation of Sandroid, supposedly based out of Chennai in India. However, whether all of the initial developers are still involved in the creation of DroidJack is not clear. Their marketing video for DroidJack also clearly shows the GPS pinpointer locator function homing in on a location in India. If the authors of DroidJack are truly based out of India, cyber law in India indicates that the creation of such software would be seen as an offense. Protection summary Symantec offers the following protection against DroidJack. Antivirus Android.Sandorat Android.Malapp prior to the release of Sandorat

Les mots clés de la revue de presse pour cet article : cybercrime
Les videos sur SecuObs pour les mots clés : cybercrime





Les derniers articles du site "Symantec Connect Security Response Billets" :

- What you need to know about election apps and your personal data
- Microsoft Patch Tuesday April 2016
- New Adobe Flash Player exploit used by Magnitude and Nuclear exploit kits
- Latest Intelligence for March 2016
- New Flash zero-day exploited by attackers in the wild
- Samsam may signal a new trend of targeted ransomware
- Four tax scams to watch out for this tax season
- Most prevalent Android ransomware in the West arrives in Japan
- Taiwan targeted with new cyberespionage back door Trojan
- Seven Iranians charged in relation to cyberattacks against US

---

S'abonner au fil RSS global de la revue de presse

---