05 Mar

Malware is a problem for Android, but that problem almost exclusively exists outside the confines of the safety of the Play Store. Like any platform where the sharing of pirated, cracked software occurs, if you're downloading something you didn't rightly pay for, there's a risk it might be carrying a little something "extra" you hadn't counted on being included. For the most part, this is how Android malware spreads - but what do malware distributors do once they've got a device infected?


Well, they might buy something like Dendroid, an almost hilariously well-marketed mass device management tool you can find on some of the dark corners of the web. Dendroid can be used to "manipulate, locate, and spy on an Android device." It has exciting features, like intercepting and blocking SMS messages, taking or transferring photos off a device, exploring browser history, launching DoS attacks, getting user account and contact information, sending texts, recording calls, and more! All this for just $300, lifetime support and updates included. Bitcoin accepted.


I really do have to give these guys points for their marketing and graphics chops - Dendroid looks like the premier enthusiast-level malware control panel. There are a few screenshots of the tool in action, and it does indeed look quite powerful:


Dendroid is what's known as a RAT (remote access tool), which you can learn more about in relation to Android at this Symantec blog post. Symantec actually outlined Dendroid specifically in a post on its blog today. A bit scary, I suppose, though if you get your software from the Play Store, you're probably not in any danger - Google's app verification system and the Play Store Bouncer make it pretty difficult for any malware-spiked apps to stay on the Play Store long enough to do any damage.

Either way, you've got to admire the salesmanship of Dendroid - they sure make extremely illegal acts look well-polished.

Cache of post advertising Dendroid, story via Symantec

David Ruddock
David's phone is an HTC One. He is an avid writer, and enjoys playing devil's advocate in editorials, imparting a legal perspective on tech news, and reviewing the latest phones and gadgets. He also doesn't usually write such boring sentences.

  • Steve jobs

    If you are interested in buying this, please email viralfud@apple.com

    • maysider

      exactly + viralfud@microsoft.com + sources:

      "mobile malware threat is overblown, with problems seen in just 0.001% of Android app downloads"

      "iPhone is most vulnerable, least secure smartphone in the market, security firm finds."

      "iPhone Security Flaw Can Let Apps Act as Keyloggers = Everyone knows what you type."

      "Apple iOS Apps Leak More Personal Info Than Android".

      "40% of iOS popular apps invade your privacy without any permission."

  • http://www.youtube.com/crisr82 Kristian Ivanov

    Here's something I think needs to be mentioned - would this be detected by a mobile antivirus like AVG or Avast?

    • Thomas’

      AVG and Avast don't "scan" anything beyond package names and other public metadata. So they'll only "detect" apps which were blacklisted.

      • http://www.youtube.com/crisr82 Kristian Ivanov

        Well, even Avast's file-shield function is kinda useless then

        Then I still claim my method remains the most secure - get a good firewall, set everything to be blocked by default and then white-list stuff ^_^

        • Thomas’

          The paranoid approach is usually the best one regarding security.

        • didibus

          A firewall is one of the best defenses. An app that gets access to your photos, and suddenly, without you having done anything that would warrant a photo to be sent over the internet, the firewall will let you block this, and also, maybe question the app's legitimacy afterwards.

          But I think an AntiVirus on top will protect you even more. Some viruses can exploit a system in ways that could bypass your firewall, or disable it. The AntiVirus will increase your chances of finding such an app before it can execute.

          Also, some viruses could still do wrong, like ransomware that encrypts everything and asks you to pay a fee to give you the key to get your files decrypted. That virus won't need the internet at all, and will still majorly screw you.

      • Paul

        This is BIG nonsense. Of course they scan the apk data as well. They work in a similar way to scanners on PCs - and from time to time have similar false alarms.

    • http://www.androidpolice.com/ David Ruddock

      The malware that would allow the RAT access to your device would hopefully be detected, yes, assuming the malware / infected package is in the AV app's detection database. Of course, that's not always going to be the case.

      • http://www.androidpolice.com/ Artem Russakovskii

        At least Symantec says it does (of course, they say that - otherwise they wouldn't have posted their blog post in the first place).

    • didibus

      It would once they are aware of the existence of it. Obviously, the app could later try to alter itself enough so that again, it would not be detected. These things are always a bit of a race, AntiVirus software tries to find illegitimate apps, and then, they create a forensic to be able to detect their presence on a system. At the same time, hackers keep coming with newer illegitimate apps which will go undetected until an AntiVirus vendor once again finds it and updates its forensic to detect this new app.

      Statistically, you are more protected with the AntiVirus, because the higher the chances you get infected, means, the more out in the wild the virus is, means the higher the chances the AntiVirus vendor has heard of it and added it to its list of viruses. It is not an absolute protection though, only helps your statistical chances of getting infected.

      Some PC antivirus software now runs more types of real-time analysis scans which try to look at what an app is doing, and if they find it's doing unusual things, might show up a warning or flag it and send that app to their servers for deeper analysis, but I doubt this is happening on phone antivirus yet, since I'd expect it to use a lot more resources.

  • HellG

    As a long time HF senior member (Uber for 4 years).
    I just want to say stop spreading news about skids.
    Most of these apps, especially the ones related to Android, DO NOT WORK
    Go to the scam section to see how many people get scammed by "HAXOR APZ" like these
    Please don't spread FUD
    Oh... The source of something similar has been circulating on the Uber private section of HF, so most likely it's based on a leaked/semi-public source anyway, meaning it's pure shit

    • http://www.androidpolice.com/ David Ruddock

      It's based on an existing free tool, as Symantec points out, yes.

  • ProductFRED
    • http://www.androidpolice.com/ David Ruddock

      The guy in the second picture. The misaligned eye. I totally fucking lost it.

      • NasaGeek

        His attempt to spell "Legion" did it for me.

        • cabbiebot

          That is actually how you spell legion in the native tongue of little teenage morons.

    • King_Anonymous

      Nope. Your average Google Play app spies on you all the time. Don't you idiots check permissions? This app is nothing new or limited to the people in your little joke.

  • Tisaart

    link to google play please?

    • Brad

      well played haha

      • http://www.androidpolice.com/ Artem Russakovskii

        Not sure if joking.

        • Brad

          I erred on the side of joking... has to be.

  • jules

    Sometimes I wonder if internet banking is possibly safer with my banking app in Android than banking via a browser on Windows.

    (Unless bla bla bla someone uses illegal apps).

    And the question if antivirus apps on Android are useful or useless bloat is a good subject perhaps for an article on AP?

    • Brad

      I feel like they're useless if you're not using random pirated apps and apps that are made by random people in the store.

      • Randroid

        Even apps by random people in the store are generally acceptable unless it's from a developer with a name like "Micrsoft" - close enough to resemble a real developer name, but not actually that developer.

        • Brad

          agreed

    • didibus

      That's a question I've been asking myself thoroughly and I just decided to install Avast.

      The best argument for an Anti-Virus software is zero day vulnerabilities. Let me explain.

      Imagine the Android system was the most secure system ever, that all apps you installed were perfectly confined into their own sandbox, and that your judgement on permissions was perfect. Meaning that you always only allowed the app the minimum amount of permissions for it to perform its legitimate tasks.

      Now in theory, Android is pretty close to this. An app cannot install another app without the user's consent. Apps are sandboxed under their own user, which by default cannot do anything except read/write to its dedicated app folder (Android 4.4+ only). On install, the app requests permissions so that it can perform its legitimate tasks. Permissions are pretty fine grained, though sometimes, not enough, but close to it. If you are an expert at Android permissions, and the app developer has clearly explained the need for each permission, you are capable of judging what permissions seem necessary and which ones seem superfluous. Based on that, you only install apps that have exactly the permissions necessary, and never any app that's got unnecessary permissions.

      This is the Android security protection system. If it is being followed by the book, it should be very secure. Yet, we know that all systems can be exploited. Meaning that, there might exist a way to bypass Android's security features. So, an app could find an exploit that would allow it to grant itself permissions, without the user knowing about it, for example. Those exploits always happen eventually. Since Android has no patching system, only updates, the time it will take for the exploit to be patched might be a couple of months, since you need to wait for the next Android update. This is where an Anti-Virus software would come in handy. It will update its virus definition as soon as the zero-day exploit is found. Therefore, the likelihood that you get exploited with such zero-day exploits is reduced from months to maybe weeks and hopefully days.

      This is why I have installed Avast on my phone. I'm surprised, it actually did not affect my battery or the responsivity of my phone, so I'm happy with it for now.

      One thing to realise though, is that an Anti-Virus only helps protect you against apps that are trying to bypass Android's security layers or apps that are known to perform malicious operations. There is still a major hole in terms of security in Android. I believe that has to do with the permissions and access to files. An app that would have a good reason to access your photos, say, a photo editing app, can easily use that permission for photo editing and for stealing your pictures. At this point, the only thing you can do is trust the developer. Android does not give you any measure to understand more deeply how the permissions are used and for what purpose. It's also annoying that you cannot selectively revoke certain permissions from an app (they got rid of app ops).

      Finally, files in Android don't have proper security. You can not give an app fine grained access to only certain files, and not others. Either you let the app read your entire user storage, or you don't. So say you had very sensitive data, like financial info or private pictures, you wouldn't be able to say that app X can access all files except your private pictures.

  • Brad

    I... I kinda want to use some of these features on my own phone securely...

    • Randroid

      I was kinda thinking the same thing actually

    • Kostas

      try cerberus

    • didibus

      I guess Airdroid is what comes closest to a legitimate Remote Access Tool (RAT) for Android.

    • Paul

      Or... on the girlfriend's phone.

      <..>

      o.o

  • http://www.emuparadise.me/roms-isos-games.php Apple is a patent troll

    Pfft, this rubbish deserves to be pirated just to rub it into their face how bullshit it is.

    • Mike Reid

      You mean Dendroid?

      It's full of tricky malware itself, never mind "pirate versions", LOL.

      There is NO honor among thieves.

  • Matthew Fry

    Awww... this reminds me of the good ole days of distributing harmless trojans to my schoolmates via ICQ and opening and closing their CD tray and flipping their screen upside down and reenacting the first shots of the Matrix :-D

  • DaveN

    Or you could just buy a used iphone and get airplay as a bonus!

  • dizel123

    I was gonna pass on this, but since they accept bitcoin I might as well make the purchase

  • PackMatt73

    Giving credit where it's due...first place anyone saw this online was at http://t.co/pmnvUXQlbz

  • King_Anonymous

    Fucking bullshit. Millions of people get spied on every day through Google Play apps. Such a thing is NOT happening via external apps only, dumbass.

  • invasion/destruct-victim

    Complete oxymoron. Go visit a Tibetan monastery, place your forehead to the ground and find yourself. This is still reality... And I mean literal not virtual. We could die tomorrow... People's lives and privacy are not to be taken lightly. Remember there is someone bigger watching you.