The malware was originally a university project, intended to be an open source application that provided remote control of an Android system.

A new variant of Android malware has been discovered, which comes with extensive spying and data-stealing capabilities, allowing hackers to access almost all data on infected devices. The malware, dubbed AndroRAT, was first discovered in 2012.

 

The malware was originally a university project, intended to be an open source application that provides remote control of an Android system. However, cybercriminals also discovered AndroRAT and began using it for malicious purposes.

 

According to the Trend Micro security researchers who discovered the new version of the malware, it targets a vulnerability that was publicly disclosed in 2016. Exploiting the bug lets hackers hijack older Android devices and access a large amount of the data stored on them. Although Google has already patched the vulnerability, older Android devices may still be vulnerable.

 

"Ideally, any device released or updated after April 2016 will not be vulnerable," Trend Micro researchers said in a blog post.

 

The new version of the malware is disguised as an application called TrashCleaner which, once installed, allows hackers to perform various malicious activities. The malware can hijack devices to take high-resolution photos with the front-facing camera, record audio, steal files, and more.

 

“The first time TrashCleaner is run, the Android device is prompted to install a Chinese-labeled calculator app that resembles a pre-installed system calculator. Simultaneously, the TrashCleaner icon will disappear from the device's user interface and the RAT will activate in the background,” the Trend Micro researchers said.

 

Apart from retaining the original AndroRAT features, such as stealing GPS location, contacts, Wi-Fi names, device model details, SMS messages and more, the new variant also comes with new abilities. These include the ability to steal a list of all installed apps, steal browser history and Wi-Fi passwords, record calls, upload files to the infected device, send and delete SMS messages, install a keylogger, and use the front camera to capture high-resolution photos.

 

"Users should refrain from downloading apps from third-party app stores to avoid being targeted by threats like AndroRAT," Trend Micro researchers warned. "Only downloading from legitimate app stores can be very helpful when it comes to device security. Regularly updating your device's operating system and applications also reduces the risk of being affected by exploits for new vulnerabilities."

 
