Symantec researchers have discovered a new android malware toolkit dubbed Dendroid, early 2014 the company also detected AndroRAT, an Android Remote admin tool which is believed to be the first malware APK binder.

Thanks to the diffusion of the Google mobile OS, Android platform is considerable a privileged target for cybercriminal, it is increasing the offer in the criminal underground market for products and services to monetize illegal activities.

Dendroid is an HTTP Remote Admin Tool that is completely invisible to the user and firmware interface, the toolkit implements an application APK binder package and has a sophisticated PHP panel.

Symantec researchers discovered a link between Dendroid and AndroRAT toolkit:

” The APK binder used by Dendroid just so happens to share some links to the author of the original AndroRAT APK binder.” report the official post on Symantec blog.

Symantec experts  discovered advertising for Dendroid on underground forums, the toolkit it offered by a seller Dendroid known as “Soccer”, he offers a set of features never been seen before and a 24/7 customer support. The price for Dendroid toolkit is $300, buyers can pay it through principal virtual currency schema, including Bitcoin, LifeCoin, BTC-e.

Some of the many features on offer include the following:

• Delete call logs
• Call a phone number
• Open Web pages
• Record calls and audio
• Intercept text messages
• Take and upload photos and videos
• Open an application
• Initiate a HTTP flood (DoS) for a period of time
• Change the command-and-control (C&C) server

The evolution of remote access tools on the Android platform is considered by Symantec inevitable, the demand for this kind of toolkit is increasing and security experts believe that in 2014 the number of new malware families will increase. t.

To stay protected install defensive application on your application, don’t jailbreak/root the device and always download applications from the official Stores.

Pierluigi Paganini

(Security Affairs –  Dendroid, mobile malware)