Researchers at Trend Micro have discovered a new version of AndroRAT, malware that was launched in 2012 and exploits a bug in Android to infect mobile phones
AndroRAT is an old acquaintance of Android users. It is a malware that was first discovered in 2012 and exploits a vulnerability in the Android operating system to infect smartphones and tablets. Google fixed the problem for good in 2016 by releasing a software update. However, that didn't affect older versions of the operating system. And now it turns out that more than 20% of smartphones with the green robot can be infected by AndroRAT, which has since evolved and acquired new features.
To raise the alarm are IT researchers from Trend Micro who discovered AndroRAT within TrashCleaner, an application that promises to clean the smartphone of useless documents, but actually installs the virus and takes control of the device. It is a very dangerous malware, capable of recording phone calls, saving sent SMS messages and, most importantly, stealing all our login credentials.
How AndroRAT infects smartphone
As mentioned, it is old Android smartphones, running a version of the operating system from a few years ago, that are at risk. According to experts, devices running Android KitKat, Jelly Bean, Ice Cream Sandwich or Gingerbread (which are currently present on about 20% of green robot devices) are vulnerable. In the most recent versions of Android, Google has fixed the vulnerability that allows AndroRAT to take control of the smartphone.
The malware trojan was discovered inside TrashCleaner, an application that is not on the Google Play Store and promises to make the smartphone faster by deleting unnecessary apps and documents. But it doesn't. As soon as you install the app, you'll be shown a message inviting you to download a Calculator app, which has the same logo as the Android one, but is developed by a Chinese software house. At this point, the TrashCleaner icon disappears from the smartphone's interface and AndroRAT activates in the background and starts taking control of the device. The malware is really very powerful: it is able to record phone calls, independently take pictures from the camera, check the user's location via GPS and save the name of Wi-Fi networks to which the smartphone connects. But that's not all. AndroRAT has added new features to its "portfolio" in recent months: it is capable of stealing browser history, taking pictures with the front camera, uploading documents to the smartphone, taking screenshots and, most importantly, obtaining user credentials (services and social media).
But how is TrashCleaner, the application that opens the door to AndroRAT, spread? According to Trend Micro researchers, hackers spread the URL to download TrashCleaner through misleading advertisements or by sending phishing mails.
How to defend yourself against AndroRAT
To defend yourself against AndroRAT, you need to block TrashCleaner, the vector carrying the malware trojan. The app is not present in the Google Play Store and this should already make the user think. When downloading an app from a third-party store, you need to be sure that it is a safe source. In most cases, unofficial markets are used by hackers to publish their infected apps. Also, to be protected while surfing the web, it is advisable to install an antivirus application. There are some great ones available for free.