What is AndroRAT? The new Android malware
What is AndroRAT? The new Android malware has extensive spying and data-stealing capabilities, The malware was originally a university project – it was intended to be an open-source application that provided remote control of an Android system
A new variant of Android malware has been discovered, which comes with extensive data-stealing and spying capabilities, allowing hackers to gain access to almost all data on infected devices. The malware, dubbed AndroRAT, was first discovered in 2012.
The malware was originally a university project – it was intended to be an open-source application that provided remote control of an Android system. However, AndroRAT was also eventually discovered by cybercriminals, who in turn began its malicious journey.
According to security researchers at Trend Micro, which discovered the new version of the malware, it targets a vulnerability that was publicly disclosed in 2016. Exploiting the flaw allows hackers to take over older Android devices, allowing them to access a large amount of data stored on the infected devices. Although Google has already patched the vulnerability, older Android devices may still be vulnerable.
“Ideally, any device launched or updated after April 2016 will not be vulnerable,” Trend Micro researchers said in a blog post.
The new version of the malware disguises itself as an application called TrashCleaner, which once installed, can allow hackers to perform various malicious activities. Malware can experiment with devices that use the front camera to take high-resolution photos, record audio files, steal files, and more.
“The first time TrashCleaner is run, it asks the Android device to install a Chinese-labeled calculator app that looks like a pre-installed system calculator. At the same time, the TrashCleaner icon will disappear from the device’s user interface and the RAT is activated in the background,” Trend Micro researchers said.
Apart from having the original features of AndroRAT like stealing GPS location, contacts, Wi-Fi names, device model details, SMS messages, and more, the new version also comes with new features. These include the ability to steal a list of all installed apps, steal browser history and Wi-Fi passwords, record calls, upload files to the infected device, send and delete SMS messages, install a keylogger and use the front camera to analyze photos.
“Users should refrain from downloading apps from third-party app stores to avoid being targeted by threats like AndroRAT,” Trend Micro researchers warned. “Only downloading from legitimate app stores can go a long way in terms of device security. Regularly updating your device’s operating system and apps also reduce the risk of them being affected by exploits for new vulnerabilities. “