Security researchers at ESET have discovered a new strain of Android malware that is distributed through the unofficial app markets.
The company took a special interest in Krysanec Remote Access Tool (RAT) after it realised that cyber criminals had the nerve to ship malicious code on top of ESET’s own mobile security app.
What makes Krysanec particularly insidious is it still allows for full functionality of the host application, so the victims do not suspect there was something wrong with their download.
According to ESET, Android/Spy.Krysanec gives the attacker full access to the infected device. It enables them to take photos, record audio through the microphone, access current GPS location, list of installed applications, browser history and call history. The RAT can also send SMS, including to premium numbers which could have been set up by cyber criminals in advance.
So far, ‘carrier’ apps have only been spotted on unofficial markets: ESET says Google Play Store is safe thanks to the work of Google Bouncer, an automatic system that constantly scans both new and existing apps. Meanwhile, countless third-party websites blatantly ignore any safety recommendations especially those that offer pirated Android software.
“Interestingly, some of the samples that we analysed connected to a C&C server hosted on a domain belonging to the dynamic DNS provider no-ip.com,” wrote Robert Lipovsky, malware researcher at ESET.
“No-IP was in the news recently when Microsoft’s Digital Crimes Unit took over 22 of the company’s domains that were used to distribute malware. Microsoft, however, subsequently dropped the case.
“While remote-access-tools for Android are less common than their Windows desktop counterparts, the main message here is to stress that users should download not only our ESET Mobile Security but any application only from trustworthy sources, such as the official Google Play store. And even there, exercise caution by carefully examining the permissions requested by the app.”
Do you know your famous hackers? Take our quiz!
Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…
Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…
Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…
Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…
Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…
Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…