“TROJANIZING” APPS

Dendroid 'Trojanizer' Turns Apps Into Malware For Just $300

The word "Trojan" is  most related to a virus programme which almost anyone who's used to a computer System can comeby.

And with this in the recent development; the word "Trojan" could be right in your pocket. *winks*

As Crime goes commercial in day-to-day life, it therefore a MUST for you to be very careful.

There’s much latest in regard to the above statement;

Tom’s Guide released this: You can now buy a tool online that turns Android apps into malware in just a few simple steps.

Called Dendroid, the tool costs only $300 and comes with 24-hour support. Naturally, the developers accept Bitcoin.

First discovered by security research firm Symantec, Dendroid is a remote access tool (RAT) that “trojanizes” legitimate apps by inserting its malicious code into the application package file, or APK.

Dendroid, whose name is an adjective meaning “treelike” or “branching,” can be purchased on underground online markets from a user who goes by “Soccer.”  

Dendroid buyers also receive what’s called an APK binder, which lets them “bind” Dendroid’s functionality into the APK, thus creating an app that looks normal on the outside but is full of malware on the inside.

Criminals can then put the infected app into an Android app market, and anyone tricked into downloading and installing it will be infected. The malware can’t trojanize apps that are already downloaded onto your phone.

Dendroidified apps can do just about anything a cybercriminal could want: delete the infected phone’s call logs, make it secretly call specific phone numbers, open Web pages, intercept text messages and more. The malware can even access the phone’s microphone and camera to silently record calls and take video and photos.

Users can control these features through a command-and-control server, which appears to be included in Dendroid’s $300 price.

Mobile anti-malware developer Lookout claims that Dendroid seems designed to get its infected apps into the Google Play store, the official and most secure Android app store.

"We only detected a single application infected with Dendroid and it has already been removed from the Play Store," Lookout said on its blog. "However, the developer’s account is still open."

Injecting app APKs (Android application package file) with malware isn’t actually that difficult; cybercriminals have been doing it manually for years. Security researchers have even found other tools like Dendroid for automating the process, most famously the free AndroRAT. But Dendroid makes it easier and more accessible than ever.

To protect against Dendroid and other "Trojanizing" apps, make sure you have robust anti-virus protection on your phone and set it to frequently scan for malicious code. You should also only download Android apps from the Google Play store — make sure that “Unknown sources” is unchecked in your security settings — and then only from legitimate developers.