SoftTrack Hacking&Security Group


Creative Commons Korea Attribution (Creative Commons License)
This work may be used under the Creative Commons Korea Attribution-NonCommercial-ShareAlike 3.0 license.


Link : http://www.symantec.com/connect/blogs/android-rats-branch-out-dendroid


Darwinism is partly based on the ability to change in ways that increase an individual’s ability to compete and survive. Malware authors are not much different and need to adapt to survive in changing technological landscapes and marketplaces. In a previous blog, we highlighted a free Android remote administration tool (RAT) known as AndroRAT (Android.Dandro) and what was believed to be the first ever malware APK binder. Since then, we have seen imitations and evolutions of such threats in the threat landscape. One such threat that is making waves in underground forums is called Dendroid (Android.Dendoroid), a name that is also a word meaning tree-like or having a branching structure.


Figure 1. Dendroid advertisement banner

Dendroid is an HTTP RAT that is marketed as being transparent to the user and firmware interface, having a sophisticated PHP panel, and including an application APK binder package. The APK binder used by Dendroid just so happens to share some links to the author of the original AndroRAT APK binder.


Figure 2. Dendroid control panel

According to postings on underground forums, the official seller of Dendroid is known as “Soccer.” The seller markets Dendroid as offering many features that have never been seen before and as coming with 24/7 support, all for a one-off payment of $300 to be paid through BTC, LTC, BTC-e, or other services. Some of the many features on offer include the following:

  • Delete call logs
  • Call a phone number
  • Open Web pages
  • Record calls and audio
  • Intercept text messages
  • Take and upload photos and videos
  • Open an application
  • Initiate an HTTP flood (DoS) for a period of time
  • Change the command-and-control (C&C) server


Figure 3. Dendroid APK binder

As previously mentioned, according to reports on underground forums, the author of the Dendroid APK binder included with this package had assistance in writing it from the author of the original AndroRAT APK binder.

The evolution of remote access tools on the Android platform was inevitable. The creation of Dendroid and the positive feedback on underground forums for this type of threat show that there is a strong cybercriminal marketplace for such tools. On the PC platform, other crimeware toolkits like Zeus (Trojan.Zbot) and SpyEye (Trojan.Spyeye) started off in a similar manner and grew quickly in popularity due to their ease of use and the notoriety stemming from the high-profile crimes perpetrated with them. While this may be early days for Dendroid, Symantec will be keeping a close eye on this threat.

To stay protected, Symantec recommends installing a security app, such as Norton Mobile Security, which detects this threat as Android.Dendoroid. For general safety tips for smartphones and tablets, please visit our Mobile Security website.


[Symantec Official Blog] Android RATs Branch out with Dendroid (Alchemic, 2015.05.21)

Copyright ⓒ 2017 SoftTrack All rights reserved.
