Security researchers at ESET have discovered a new strain of Android malware that is distributed through the unofficial app markets.
The company took a special interest in Krysanec Remote Access Tool (RAT) after it realised that cyber criminals had the nerve to ship malicious code on top of ESET’s own mobile security app.
What makes Krysanec particularly insidious is it still allows for full functionality of the host application, so the victims do not suspect there was something wrong with their download.
According to ESET, Android/Spy.Krysanec gives the attacker full access to the infected device. It enables them to take photos, record audio through the microphone, access current GPS location, list of installed applications, browser history and call history. The RAT can also send SMS, including to premium numbers which could have been set up by cyber criminals in advance.
So far, ‘carrier’ apps have only been spotted on unofficial markets: ESET says Google Play Store is safe thanks to the work of Google Bouncer, an automatic system that constantly scans both new and existing apps. Meanwhile, countless third-party websites blatantly ignore any safety recommendations especially those that offer pirated Android software.
“Interestingly, some of the samples that we analysed connected to a C&C server hosted on a domain belonging to the dynamic DNS provider no-ip.com,” wrote Robert Lipovsky, malware researcher at ESET.
“No-IP was in the news recently when Microsoft’s Digital Crimes Unit took over 22 of the company’s domains that were used to distribute malware. Microsoft, however, subsequently dropped the case.
“While remote-access-tools for Android are less common than their Windows desktop counterparts, the main message here is to stress that users should download not only our ESET Mobile Security but any application only from trustworthy sources, such as the official Google Play store. And even there, exercise caution by carefully examining the permissions requested by the app.”
Do you know your famous hackers? Take our quiz!
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…