New Android Malware Is Spreading Through Third-Party App Markets

Security researchers at ESET have discovered a new strain of Android malware that is distributed through the unofficial app markets.

The company took a special interest in Krysanec Remote Access Tool (RAT) after it realised that cyber criminals had the nerve to ship malicious code on top of ESET’s own mobile security app.

What makes Krysanec particularly insidious is it still allows for full functionality of the host application, so the victims do not suspect there was something wrong with their download.

False pretenses

According to ESET, Android/Spy.Krysanec gives the attacker full access to the infected device. It enables them to take photos, record audio through the microphone, access current GPS location, list of installed applications, browser history and call history. The RAT can also send SMS, including to premium numbers which could have been set up by cyber criminals in advance.

Krysanec has been spotted piggybacking on top of popular applications like 3G Traffic Guard and the mobile banking app for Sberbank, the largest bank in Russia and third largest in Europe.

So far, ‘carrier’ apps have only been spotted on unofficial markets: ESET says Google Play Store is safe thanks to the work of Google Bouncer, an automatic system that constantly scans both new and existing apps. Meanwhile, countless third-party websites blatantly ignore any safety recommendations especially those that offer pirated Android software.

“Interestingly, some of the samples that we analysed connected to a C&C server hosted on a domain belonging to the dynamic DNS provider no-ip.com,” wrote Robert Lipovsky, malware researcher at ESET.

No-IP was in the news recently when Microsoft’s Digital Crimes Unit took over 22 of the company’s domains that were used to distribute malware. Microsoft, however, subsequently dropped the case.

“While remote-access-tools for Android are less common than their Windows desktop counterparts, the main message here is to stress that users should download not only our ESET Mobile Security but any application only from trustworthy sources, such as the official Google Play store. And even there, exercise caution by carefully examining the permissions requested by the app.”

Do you know your famous hackers? Take our quiz!

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago