Android Trojan gets an update

Malware found in Google Play Store

Most experts agree the best way to stay safe from Android malware is to stick to trusted sources–specifically the Play Store.

Unfortunately, those sources can sometimes be compromised. In the last week there have been two malware families found in Google’s Play Store.

Dendroid

The first one, found by Lookout Security, is a remote administration tool called Dendroid. This particular malware is a variant of the publicly available remote tool AndroRAT.

Dendroid was advertised as “Parental Control” in the Play Store, which is a surprising name as they aren’t really hiding the RAT functionality. There were minimal installs, less than 50, and is the only app-to date discovered in the Play Store with the Dendroid functionality.

dendriod02

This Play Store version of Dendroid was discovered only a couple of days after Dendroid was uncovered from the underworld by Symantec, which means Google was unaware of the malicious code at the time of it being uploaded to the Play Store.

Now that Google is aware, it is highly likely they’ve removed any other apps containing similar code—if any.

FakeCam

The second app was uncovered by Avast and is a SMS Trojan disguised as a night vision app. The Trojan is capable of looking up contact numbers in a social messaging apps like WhatsApp, Telegram, and ChatON. Once the number is collected it’s sent to a remote server and the numbers are used to register for a premium service costing up to $50.

fakecam01

Both of these apps have been removed from the Play Store and Malwarebytes Anti-Malware Mobile user are protected against these threats.

MBAM Mobile detects these malware as Android/Trojan.Spy.Dendroid and Android/Trojan.SMS.FakeCam.

Audit your apps with MBAM Mobile

As I mentioned malicious apps sometimes make their way into the Play Store or can be dynamically updated with malicious code after install. Peering inside some of the functionality of your apps can help keep you safe and aware of what apps have access to.

Along with malware detection, MBAM Mobile comes with Privacy Manager, which takes a look at your apps and breaks them down into categories based on what they access. Categories such as accessing text messages and accounts, tracking location, and those that cost you money.

Now, all apps listed here aren’t necessarily malicious, but it’s a great way to revisit the permission question you saw when you first installed the apps.

You might not find any malware, but perhaps there’s an app you didn’t’ realize is capable of sending text messages or monitoring your phone calls. From Privacy Monitor you can quickly uninstall or disable apps.

Take for instance the FakeCam app, the app is advertised as a night vision app—why does it need to access contacts or read and write SMS messages?

It’s okay to question what your apps are up to and remove if you feel they’re doing more than they should.

Android malware continues to increase and at times they’re able to sneak into places we trust. Google is doing a good job keeping the bad apps out and they’ll continue to make improvements.

Until the next malicious app is found on the Play Store, you can audit your own installed apps and keep secure from unwanted behaviors with MBAM Mobile.

ABOUT THE AUTHOR

Armando Orozco

Senior Malware Intelligence Analyst

Faux geek who likes to keep it bland. Experienced in behavioral, PC, and mobile technologies.