Dendroid is a Android based HTTP ‘Remote Access Trojan’ which is being distributed on the deep web for 0.50 bitcoin ($300.00). Those with access to the deep web can also buy it with another cryptocurrency Litecoin and the maker has promised a 24 x 7 support. The seller who goes by the handle of “Soccer” has been successful in selling many copies of his creation.
Security company, Symantec who detected the Dendroid, has classified it as Android.Dendoroid. The Dendroid is an HTTP Remote Access Trojan that comes with an application binder package and a complex PHP administration panel. Dendroid basically “trojanizes” legitimate apps by inserting its malicious code into the application package file, or APK.
Once the Dendroid infected legitimate App has infected the victims Android device, it can do pretty much anything. Among other things, it can delete call logs, open arbitrary web pages, place calls to premium phone numbers, record incoming and outgoing calls and audio, take photos and videos and upload them to a remote server. It can also remotely open apps, intercept text messages, and even initiate denial-of-service (DOS) attacks for a certain period of time.
“The creation of Dendroid and the positive feedback on underground forums for this type of threat shows that there is a strong cybercriminal marketplace for such tools,” Symantec’s Peter Coogan explained in a blog post.
The creator has also posted a commercial on the deep web for advertising his creation and inviting buyers (requires password)
Popular Mobile anti-malware developer Lookout claims that Dendroid has been designed in such a way that it could gain entry in Google Play Store with its Apps.
“We only detected a single application infected with Dendroid and it has already been removed from the Play Store,” Lookout said on its blog. “However, the developer’s account is still open.”
“We only detected a single application infected with Dendroid and it has already been removed from the Play Store,” Lookout said on its blog. “However, the developer’s account is still open.”
