March 12, 2014

Russian anti-virus company Doctor Web is warning users that cybercriminals now have another malicious program for Android available in their arsenal. Sold on underground hacker forums, the Trojan poses a severe threat because it can be used to embed malicious code into any legitimate application, compromise confidential information and cause financial losses to a device's owner.

The Trojan, dubbed Android.Dendroid.1.origin by Dr.Web, can be purchased on one of the underground hacker forums. Implemented as a multi-purpose Remote Administration Tool (RAT), it can be embedded into any harmless application which makes it harder for users to find it. The program's design is quite similar to that of Android.Adrorat.1.origin malware which is well known to Doctor Web's analysts. Apparently, the criminals who crafted the new RAT program drew their inspiration from it.

The most significant features of the new malware include the ability to:

• Block and intercept SMS;
• Activate the device's camera and microphone;
• Acquire the browser history and bookmark data;
• Steal user account data and phone book information;
• Send SMS;
• Record phone calls;
• Acquire files stored on the device;
• Mount DDoS attacks on specified sites;
• Display various dialogue boxes.

Thus, Android.Dendroid.1.origin can perform tasks that are usually fulfilled by SMS and spying Trojans. In addition, the feature that enables the malware to display dialogue boxes can be used by criminals to lure users into divulging their authentication data for online banking or social networking.

Doctor Web recommends that owners of Android-powered devices exercise caution whenever preparing to install an application and refrain from using dubious software products. Devices protected by Dr.Web for Android are well shielded against this threat.

Protect your Android handheld with Dr.Web now.

Protect your Android handheld with Dr.Web now