updated 01:20 pm EST, Sat March 8, 2014
Remote access tool Dendroid injects malware code into APK files
A HTTP new remote access toolkit (RAT) that is cause for concern has surfaced, according to anti-virus/anti-malware program maker Symantec, which makes turning legitimate Android apps into malware easier than before. The program, Dendroid (tagged as Android.Dendoroid by the security company), offers an easy-to-use commercial solution to inject malicious code for trojan access into APK files for placement on Android marketplaces, bypassing security checks.
The software comes with a list of features packed into a simple PHP panel that includes the ability to call a phone number, record calls, intercept text messages, take and upload photos, and initiate a HTTP flood (DoS) through a command-and-control server over HTTP. PC World has reported that the virtual private servers that run the control panel are hosted offshore. It also comes with a APK binder which was written with help from the author of one of the first RAT programs discovered for Android, AndroRAT. This binder connects Dendroid to the APK, creating a piece of software that appears to be official, but is really compromised.
It is important to note that Dendroid is unable to corrupt applications that have already been installed. Instead, the software banks on the idea of tricking users into downloading an infected application that merely looks official either through places like the Google Play store or external marketplaces. Android is currently the platform of choice for malware, responsible for 99 percent of known threats according to a recent report by Cisco.
Perhaps the oddest feature of Dendroid -- besides the fact that it has a $300 price tag that can be paid for with untraceable Bitcoins -- is the 24/7 technical support that the developer "Soccer" offers with the purchase of the "remote administration tool." It also has a sales video that claims the program has the ability to bypass the automated malware scanner for Google Play.
It is recommended that Android users employ anti-virus software on their devices. If the claims of the developer are true, even apps from the Google Play store -- much less any other source -- are not trustworthy at the present time. Google has yet to comment on Dendroid's claims.