The scourge of the remote access trojan (RAT)—those predatory apps that use Web microphones and cameras to surreptitiously spy on victims—has formally entered the Android arena. Not only have researchers found a covert RAT briefly available for download in the official Google Play store, they have also detected a full-featured toolkit for sale in underground forums that could make it easy for other peeping Toms to do the same thing.
The specific RAT in Google Play was disguised as a legitimate app called Parental Control, according to Marc Rogers, principal security researcher at Lookout Mobile, a provider of antimalware software for Android phones. He doesn't know exactly how long it was available on Google servers, but he believes it wasn't long. It was downloaded 10 to 50 times.
The Parental Control trojan was built using Dendroid, a newly discovered software development tool that sells for about $300. Dendroid provides an impressive suite of features, including all the tools to build the command and control infrastructure to control RATted phones and receive audio and video captured from their mics and cameras. Dendroid also allows attackers to intercept, block, or send SMS text messages on compromised phones; download stored pictures and browser histories; and open a dialogue box that asks for passwords. It includes "binder" functions that allow the malicious code to be attached, or bound, into otherwise useful or innocuous apps.