Dendroid (malware): Difference between revisions
Content deleted Content added
m →See also: added Denial-of-service attack to the list |
No edit summary |
||
| (24 intermediate revisions by 13 users not shown) | |||
| Line 1: | Line 1: | ||
{{Short description|Android based malware}} |
|||
'''Dendroid''' is a [[Malware]] that affects Android OS and targets the mobile platform.<ref>http://www.symantec.com/connect/blogs/android-rats-branch-out-dendroid</ref> |
|||
'''Dendroid''' is [[malware]] that affects Android OS and targets the mobile platform.<ref>{{cite web | url=https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=a29d7d7a-f150-46cf-9bb9-a1f9f4d32a80&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments | title=Android RATs Branch out with Dendroid | publisher=[[NortonLifeLock|Symantec]] | date=5 March 2014 | access-date=23 October 2016 | author=Coogan, Peter}}</ref> |
|||
It was first discovered in early of 2014 by Symantec and appeared |
It was first discovered in early of 2014 by Symantec and appeared in the underground for sale for $300.<ref>{{cite web | url=http://securityaffairs.co/wordpress/22848/cyber-crime/dendroid-new-android-rat.html | title=Dendroid – A new Android RAT available on the underground | publisher=securityaffairs.co | date=March 7, 2014 | accessdate=23 October 2016 | author=Paganini, Pierluigi}}</ref> |
||
Certain features were noted as being used in Dendroid, such as the ability to hide from emulators at the time.<ref>{{cite web | url=https://www.bluecoat.com/security-blog/2014-05-27/dendroid-under-hood-%E2%80%93-look-inside-android-rat-kit | title=Dendroid under the hood – A look inside an Android RAT kit | publisher=Blue Coat Labs | date=May 27, 2014 | accessdate=23 October 2016 | author=Leder, Felix}}</ref> |
|||
When first discovered in 2014 it was one of the most sophisticated Android |
When first discovered in 2014 it was one of the most sophisticated Android [[Remote administration software|remote administration tool]]s known at that time.<ref>{{cite web | url=https://www.helpnetsecurity.com/2014/03/07/dendroid-spying-rat-malware-found-on-google-play/ | title=Dendroid spying RAT malware found on Google Play | publisher=helpnetsecurity.com | date=March 7, 2014 | accessdate=23 October 2016 | author=Zorz, Zeljka}}</ref> |
||
It was one of the first Trojan |
It was one of the first [[Trojan horse (computing)|Trojan application]]s to get past Google's Bouncer and caused researchers to warn about it being easier to create Android malware due to it.<ref>{{cite web | url=http://www.pcworld.com/article/2105500/new-crimeware-tool-dendroid-makes-it-easier-to-create-android-malware-researchers-warn.html | title=New crimeware tool Dendroid makes it easier to create Android malware, researchers warn | publisher=[[PC World]] | date=Mar 6, 2014 | accessdate=23 October 2016}}</ref> |
||
It also |
It also seems to have followed in the footsteps of [[Zeus (malware)|Zeus]] and SpyEye by having simple-to-use command and control panels.<ref>{{cite web | url=https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=718 | title=Source Code leaks for Android RAT Dendroid | publisher=mysonicwall.com | date=Aug 29, 2014 | accessdate=23 October 2016}}</ref> |
||
The code appeared to be leaked somewhere around 2014<ref>http://www.securityweek.com/source-code-android-rat-dendroid-leaked-online</ref> |
The code appeared to be leaked somewhere around 2014.<ref>{{cite web | url=http://www.securityweek.com/source-code-android-rat-dendroid-leaked-online | title=Source Code of Android RAT Dendroid Leaked Online | publisher=securityweek.com | accessdate=23 October 2016 | author=Kovacs, Eduard| date=20 August 2014 }}</ref> |
||
It was noted that an [[File binder|apk binder]] was included in the leak which provided a simple way to bind |
It was noted that an [[File binder|apk binder]] was included in the leak, which provided a simple way to bind Dendroid to legitimate applications. |
||
It is capable of: |
|||
* |
* Deleting call logs |
||
* Opening web pages |
* Opening web pages |
||
* Dialing any number |
* Dialing any number |
||
* Recording calls |
* Recording calls |
||
* SMS intercepting |
* SMS intercepting |
||
* |
* Uploading images and video |
||
* Opening an application |
* Opening an application |
||
* |
* Performing [[denial-of-service attack]]s |
||
* |
* Changing the command and control server<ref>{{cite web | url=http://thehackernews.com/2014/03/symantec-discovered-android-malware.html | title=Symantec discovered Android Malware Toolkit named Dendroid | publisher=thehackernews.com | date=March 5, 2014 | accessdate=23 October 2016 | author=Wei, Wang}}</ref> |
||
==See also== |
==See also== |
||
* [[Botnet]] |
* [[Botnet]] |
||
* [[ |
* [[Mirai (malware)|Mirai]] |
||
| ⚫ | |||
* [[File binder]] |
|||
* [[Shedun]] |
* [[Shedun]] |
||
* [[Trojan horse]] |
|||
* [[Zombie (computer science)]] |
* [[Zombie (computer science)]] |
||
* Kill system |
|||
* [[Zeus (malware)]] |
|||
==References== |
==References== |
||
{{Reflist}} |
{{Reflist}} |
||
{{Hacking in the 2010s}} |
|||
| ⚫ | |||
| ⚫ | |||
[[Category:Android (operating system) malware]] |
|||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
Latest revision as of 03:28, 29 May 2024
Dendroid is malware that affects Android OS and targets the mobile platform.[1]
It was first discovered in early of 2014 by Symantec and appeared in the underground for sale for $300.[2] Certain features were noted as being used in Dendroid, such as the ability to hide from emulators at the time.[3] When first discovered in 2014 it was one of the most sophisticated Android remote administration tools known at that time.[4] It was one of the first Trojan applications to get past Google's Bouncer and caused researchers to warn about it being easier to create Android malware due to it.[5] It also seems to have followed in the footsteps of Zeus and SpyEye by having simple-to-use command and control panels.[6] The code appeared to be leaked somewhere around 2014.[7] It was noted that an apk binder was included in the leak, which provided a simple way to bind Dendroid to legitimate applications.
It is capable of:
- Deleting call logs
- Opening web pages
- Dialing any number
- Recording calls
- SMS intercepting
- Uploading images and video
- Opening an application
- Performing denial-of-service attacks
- Changing the command and control server[8]
See also
[edit]- Botnet
- Mirai
- Shedun
- Zombie (computer science)
- Kill system
References
[edit]- ^ Coogan, Peter (5 March 2014). "Android RATs Branch out with Dendroid". Symantec. Retrieved 23 October 2016.
- ^ Paganini, Pierluigi (March 7, 2014). "Dendroid – A new Android RAT available on the underground". securityaffairs.co. Retrieved 23 October 2016.
- ^ Leder, Felix (May 27, 2014). "Dendroid under the hood – A look inside an Android RAT kit". Blue Coat Labs. Retrieved 23 October 2016.
- ^ Zorz, Zeljka (March 7, 2014). "Dendroid spying RAT malware found on Google Play". helpnetsecurity.com. Retrieved 23 October 2016.
- ^ "New crimeware tool Dendroid makes it easier to create Android malware, researchers warn". PC World. Mar 6, 2014. Retrieved 23 October 2016.
- ^ "Source Code leaks for Android RAT Dendroid". mysonicwall.com. Aug 29, 2014. Retrieved 23 October 2016.
- ^ Kovacs, Eduard (20 August 2014). "Source Code of Android RAT Dendroid Leaked Online". securityweek.com. Retrieved 23 October 2016.
- ^ Wei, Wang (March 5, 2014). "Symantec discovered Android Malware Toolkit named Dendroid". thehackernews.com. Retrieved 23 October 2016.