A common piece of advice for Android users is to refrain from downloading applications from unknown sources. Although malware does show up at the Google Play store from time to time, it is much better controlled, than on other app stores, says Carey van Vlaanderen, CEO of ESET Southern Africa.
Recently, ESET discovered a Remote Access Trojan (RAT) that was masked as several legitimate Android applications. This is concerning to users, as applications have become a part of our mobile experience, and this, of course, has not gone by unnoticed with cybercriminals.
Often on Android devices the malware will disguise itself as a legitimate, and oftentimes popular application. To many eyes, the application looks like the real deal, as all the functionality of the real application are available to the user. But, it is the addition, the added extra, that is malicious and the very essence of a trojan horse.
The Android app ecosystem offers a reliable countermeasure against such unwarranted and malicious modifications, and that is by digitally signing applications with the actual developers’ certificates.
However, how many users examine the applications they install on their devices?
The infected applications contained the Android version of the Unrecom RAT, a multi-platform remote access tool. The module gives the backdoor access to:
* Take photos;
* Record audio through the microphone;
* Current GPS location;
* List of installed application;
* List of opened Web pages;
* List of placed calls;
* Contact list; and
* SMS (regular or Whatsapp).
The lesson for all Android users is simple: download any application only from trustworthy sources, such as the Google Play store.