New Android Malware Is Spreading Through Third-Party App Markets

Security researchers at ESET have discovered a new strain of Android malware that is distributed through the unofficial app markets.

The company took a special interest in Krysanec Remote Access Tool (RAT) after it realised that cyber criminals had the nerve to ship malicious code on top of ESET’s own mobile security app.

What makes Krysanec particularly insidious is it still allows for full functionality of the host application, so the victims do not suspect there was something wrong with their download.

False pretenses

According to ESET, Android/Spy.Krysanec gives the attacker full access to the infected device. It enables them to take photos, record audio through the microphone, access current GPS location, list of installed applications, browser history and call history. The RAT can also send SMS, including to premium numbers which could have been set up by cyber criminals in advance.

Krysanec has been spotted piggybacking on top of popular applications like 3G Traffic Guard and the mobile banking app for Sberbank, the largest bank in Russia and third largest in Europe.

So far, ‘carrier’ apps have only been spotted on unofficial markets: ESET says Google Play Store is safe thanks to the work of Google Bouncer, an automatic system that constantly scans both new and existing apps. Meanwhile, countless third-party websites blatantly ignore any safety recommendations especially those that offer pirated Android software.

“Interestingly, some of the samples that we analysed connected to a C&C server hosted on a domain belonging to the dynamic DNS provider no-ip.com,” wrote Robert Lipovsky, malware researcher at ESET.

No-IP was in the news recently when Microsoft’s Digital Crimes Unit took over 22 of the company’s domains that were used to distribute malware. Microsoft, however, subsequently dropped the case.

“While remote-access-tools for Android are less common than their Windows desktop counterparts, the main message here is to stress that users should download not only our ESET Mobile Security but any application only from trustworthy sources, such as the official Google Play store. And even there, exercise caution by carefully examining the permissions requested by the app.”

Do you know your famous hackers? Take our quiz!

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

5 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

7 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

9 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

9 hours ago