
Dendroid (malware): Difference between revisions

From Wikipedia, the free encyclopedia
added external link to source code archive (note that this archive has been uploaded by me for security purposes) (Disclosing COI and connection)
No edit summary
 
(13 intermediate revisions by 11 users not shown)
Line 1: Line 1:
{{Short description|Android based malware}}
'''Dendroid''' is [[malware]] that affects Android OS and targets the mobile platform.<ref>{{cite web | url=https://www.symantec.com/connect/blogs/android-rats-branch-out-dendroid | title=Android RATs Branch out with Dendroid | publisher=[[Symantec]] | date=5 March 2014 | accessdate=23 October 2016 | author=Coogan, Peter}}</ref>
'''Dendroid''' is [[malware]] that affects Android OS and targets the mobile platform.<ref>{{cite web | url=https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=a29d7d7a-f150-46cf-9bb9-a1f9f4d32a80&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments | title=Android RATs Branch out with Dendroid | publisher=[[NortonLifeLock|Symantec]] | date=5 March 2014 | access-date=23 October 2016 | author=Coogan, Peter}}</ref>


It was first discovered in early of 2014 by Symantec and appeared in the underground for sale for $300.<ref>{{cite web | url=http://securityaffairs.co/wordpress/22848/cyber-crime/dendroid-new-android-rat.html | title=Dendroid – A new Android RAT available on the underground | publisher=securityaffairs.co | date=March 7, 2014 | accessdate=23 October 2016 | author=Paganini, Pierluigi}}</ref>
It was first discovered in early of 2014 by Symantec and appeared in the underground for sale for $300.<ref>{{cite web | url=http://securityaffairs.co/wordpress/22848/cyber-crime/dendroid-new-android-rat.html | title=Dendroid – A new Android RAT available on the underground | publisher=securityaffairs.co | date=March 7, 2014 | accessdate=23 October 2016 | author=Paganini, Pierluigi}}</ref>
Some things were noted in Dendroid, such as being able to hide from emulators at the time.<ref>{{cite web | url=https://www.bluecoat.com/security-blog/2014-05-27/dendroid-under-hood-%E2%80%93-look-inside-android-rat-kit | title=Dendroid under the hood – A look inside an Android RAT kit | publisher=Blue Coat Labs | date=May 27, 2014 | accessdate=23 October 2016 | author=Leder, Felix}}</ref>
Certain features were noted as being used in Dendroid, such as the ability to hide from emulators at the time.<ref>{{cite web | url=https://www.bluecoat.com/security-blog/2014-05-27/dendroid-under-hood-%E2%80%93-look-inside-android-rat-kit | title=Dendroid under the hood – A look inside an Android RAT kit | publisher=Blue Coat Labs | date=May 27, 2014 | accessdate=23 October 2016 | author=Leder, Felix}}</ref>
When first discovered in 2014 it was one of the most sophisticated Android [[Remote administration software|remote administration tool]]s known at that time.<ref>{{cite web | url=https://www.helpnetsecurity.com/2014/03/07/dendroid-spying-rat-malware-found-on-google-play/ | title=Dendroid spying RAT malware found on Google Play | publisher=helpnetsecurity.com | date=March 7, 2014 | accessdate=23 October 2016 | author=Zorz, Zeljka}}</ref>
When first discovered in 2014 it was one of the most sophisticated Android [[Remote administration software|remote administration tool]]s known at that time.<ref>{{cite web | url=https://www.helpnetsecurity.com/2014/03/07/dendroid-spying-rat-malware-found-on-google-play/ | title=Dendroid spying RAT malware found on Google Play | publisher=helpnetsecurity.com | date=March 7, 2014 | accessdate=23 October 2016 | author=Zorz, Zeljka}}</ref>
It was one of the first [[Trojan horse (computing)|Trojan application]]s to get past Google's Bouncer and caused researchers to warn about it being easier to create Android malware due to it.<ref>{{cite web | url=http://www.pcworld.com/article/2105500/new-crimeware-tool-dendroid-makes-it-easier-to-create-android-malware-researchers-warn.html | title=New crimeware tool Dendroid makes it easier to create Android malware, researchers warn | publisher=[[PC World]] | date=Mar 6, 2014 | accessdate=23 October 2016}}</ref>
It was one of the first [[Trojan horse (computing)|Trojan application]]s to get past Google's Bouncer and caused researchers to warn about it being easier to create Android malware due to it.<ref>{{cite web | url=http://www.pcworld.com/article/2105500/new-crimeware-tool-dendroid-makes-it-easier-to-create-android-malware-researchers-warn.html | title=New crimeware tool Dendroid makes it easier to create Android malware, researchers warn | publisher=[[PC World]] | date=Mar 6, 2014 | accessdate=23 October 2016}}</ref>
It also seems to have follow in the footsteps of [[Zeus (malware)|Zeus]] and SpyEye by having simple-to-use [[Command and control (malware)|command and control]] panels.<ref>{{cite web | url=https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=718 | title=Source Code leaks for Android RAT Dendroid | publisher=mysonicwall.com | date=Aug 29, 2014 | accessdate=23 October 2016}}</ref>
It also seems to have followed in the footsteps of [[Zeus (malware)|Zeus]] and SpyEye by having simple-to-use command and control panels.<ref>{{cite web | url=https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=718 | title=Source Code leaks for Android RAT Dendroid | publisher=mysonicwall.com | date=Aug 29, 2014 | accessdate=23 October 2016}}</ref>
The code appeared to be leaked somewhere around 2014.<ref>{{cite web | url=http://www.securityweek.com/source-code-android-rat-dendroid-leaked-online | title=Source Code of Android RAT Dendroid Leaked Online | publisher=securityweek.com | accessdate=23 October 2016 | author=Kovacs, Eduard}}</ref>
The code appeared to be leaked somewhere around 2014.<ref>{{cite web | url=http://www.securityweek.com/source-code-android-rat-dendroid-leaked-online | title=Source Code of Android RAT Dendroid Leaked Online | publisher=securityweek.com | accessdate=23 October 2016 | author=Kovacs, Eduard| date=20 August 2014 }}</ref>
It was noted that an [[File binder|apk binder]] was included in the leak, which provided a simple way to bind Dendroid to legitimate applications.
It was noted that an [[File binder|apk binder]] was included in the leak, which provided a simple way to bind Dendroid to legitimate applications.
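
Review bot: The rewritten Zeus and SpyEye sentence fixes "follow" to "followed" but drops the [[Command and control (malware)|command and control]] wikilink that the old line carried; restore the link unless it was removed on purpose. The first citation now uses "access-date" while the six citations after it still use "accessdate", so the parameter should be normalised across all of them in the same edit. The sentence "It was first discovered in early of 2014" is unchanged on both sides and should read "in early 2014", and the added "Eduard| date=20 August 2014 }}" needs its spacing tidied to match the other cite templates.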


Line 23: Line 24:
==See also==
==See also==
* [[Botnet]]
* [[Botnet]]
* [[Mirai (malware)|Mirai]]
* [[Shedun]]
* [[Shedun]]
* [[Zombie (computer science)]]
* [[Zombie (computer science)]]
* Kill system


==References==
==References==
{{Reflist}}
{{Reflist}}


{{Hacking in the 2010s}}
==External links==
* [https://github.com/FockeWulf-FW-190/Dendroid Dendroid source code archive on GitHub]


[[Category:Android malware]]
[[Category:Android (operating system) malware]]
[[Category:Botnets]]
[[Category:Botnets]]
[[Category:Denial-of-service attacks]]
[[Category:Denial-of-service attacks]]
[[Category:Mobile Malware]]
[[Category:Mobile malware]]
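
Review bot: The External links entry in this hunk points to a GitHub archive of the Dendroid source which, according to the older revision's edit summary, was uploaded by the editor who added it; a self-published link to leaked malware source is not an independent reference and should not be carried, and the rendered text of the latest revision has no External links section. The "Kill system" entry under See also is plain text with no wikilink, so it gives readers nothing to follow and should be linked or dropped. The category lines only differ in naming ("Android malware" against "Android (operating system) malware", "Mobile Malware" against "Mobile malware"); confirm the chosen names match existing categories so the article does not land in a red-linked one.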

Latest revision as of 03:28, 29 May 2024

Dendroid is malware that affects Android OS and targets the mobile platform.[1]

It was first discovered in early 2014 by Symantec and appeared for sale in the underground for $300.[2] Dendroid was noted for certain features, such as the ability to hide from the emulators of the time.[3] When first discovered in 2014, it was one of the most sophisticated Android remote administration tools known at that time.[4] It was one of the first Trojan applications to get past Google's Bouncer, and it led researchers to warn that it made Android malware easier to create.[5] It also seems to have followed in the footsteps of Zeus and SpyEye by having simple-to-use command and control panels.[6] The code appears to have been leaked sometime around 2014.[7] It was noted that an APK binder was included in the leak, which provided a simple way to bind Dendroid to legitimate applications.

It is capable of:

  • Deleting call logs
  • Opening web pages
  • Dialing any number
  • Recording calls
  • Intercepting SMS messages
  • Uploading images and video
  • Opening an application
  • Performing denial-of-service attacks
  • Changing the command and control server[8]

See also


References

  1. Coogan, Peter (5 March 2014). "Android RATs Branch out with Dendroid". Symantec. Retrieved 23 October 2016.
  2. Paganini, Pierluigi (March 7, 2014). "Dendroid – A new Android RAT available on the underground". securityaffairs.co. Retrieved 23 October 2016.
  3. Leder, Felix (May 27, 2014). "Dendroid under the hood – A look inside an Android RAT kit". Blue Coat Labs. Retrieved 23 October 2016.
  4. Zorz, Zeljka (March 7, 2014). "Dendroid spying RAT malware found on Google Play". helpnetsecurity.com. Retrieved 23 October 2016.
  5. "New crimeware tool Dendroid makes it easier to create Android malware, researchers warn". PC World. Mar 6, 2014. Retrieved 23 October 2016.
  6. "Source Code leaks for Android RAT Dendroid". mysonicwall.com. Aug 29, 2014. Retrieved 23 October 2016.
  7. Kovacs, Eduard (20 August 2014). "Source Code of Android RAT Dendroid Leaked Online". securityweek.com. Retrieved 23 October 2016.
  8. Wei, Wang (March 5, 2014). "Symantec discovered Android Malware Toolkit named Dendroid". thehackernews.com. Retrieved 23 October 2016.