Dendroid – A new Android RAT available on the underground

Symantec discovered a new HTTP Android Remote administration tool, named Dendroid, available on the underground market for only $300.

Symantec researchers have discovered a new android malware toolkit dubbed Dendroid, early 2014 the company also detected AndroRAT, an Android Remote admin tool which is believed to be the first malware APK binder.

Thanks to the diffusion of the Google mobile OS, Android platform is considerable a privileged target for cybercriminal, it is increasing the offer in the criminal underground market for products and services to monetize illegal activities.

Dendroid is an HTTP Remote Admin Tool that is completely invisible to the user and firmware interface, the toolkit implements an application APK binder package and has a sophisticated PHP panel.

Symantec researchers discovered a link between Dendroid and AndroRAT toolkit:

” The APK binder used by Dendroid just so happens to share some links to the author of the original AndroRAT APK binder.” report the official post on Symantec blog.

Symantec experts discovered advertising for Dendroid on underground forums, the toolkit it offered by a seller Dendroid known as “Soccer”, he offers a set of features never been seen before and a 24/7 customer support. The price for Dendroid toolkit is $300, buyers can pay it through principal virtual currency schema, including Bitcoin, LifeCoin, BTC-e.

Some of the many features on offer include the following:

Delete call logs
Call a phone number
Open Web pages
Record calls and audio
Intercept text messages
Take and upload photos and videos
Open an application
Initiate a HTTP flood (DoS) for a period of time
Change the command-and-control (C&C) server

The evolution of remote access tools on the Android platform is considered by Symantec inevitable, the demand for this kind of toolkit is increasing and security experts believe that in 2014 the number of new malware families will increase. t.

To stay protected install defensive application on your application, don’t jailbreak/root the device and always download applications from the official Stores.

Pierluigi Paganini

(Security Affairs – Dendroid, mobile malware)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.