March 12, 2014
The Trojan, dubbed Android.Dendroid.1.origin by Dr.Web, can be purchased on one of the underground hacker forums. Implemented as a multi-purpose Remote Administration Tool (RAT), it can be embedded into any harmless application which makes it harder for users to find it. The program's design is quite similar to that of Android.Adrorat.1.origin malware which is well known to Doctor Web's analysts. Apparently, the criminals who crafted the new RAT program drew their inspiration from it.
The most significant features of the new malware include the ability to:
- Block and intercept SMS;
- Activate the device's camera and microphone;
- Acquire the browser history and bookmark data;
- Steal user account data and phone book information;
- Send SMS;
- Record phone calls;
- Acquire files stored on the device;
- Mount DDoS attacks on specified sites;
- Display various dialogue boxes.
Thus, Android.Dendroid.1.origin can perform tasks that are usually fulfilled by SMS and spying Trojans. In addition, the feature that enables the malware to display dialogue boxes can be used by criminals to lure users into divulging their authentication data for online banking or social networking.
Doctor Web recommends that owners of Android-powered devices exercise caution whenever preparing to install an application and refrain from using dubious software products. Devices protected by Dr.Web for Android are well shielded against this threat.
Protect your Android handheld with Dr.Web now.
Tell us what you think
You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.