Dendroid (malware): Difference between revisions

Content deleted Content added

Inline

Revision as of 07:31, 28 September 2016

Dendroid is malware that affects Android OS and targets the mobile platform.^[1]

It was first discovered in early of 2014 by Symantec and appeared in the underground for sale for $300.^[2] Some things were noted in Dendroid, such as being able to hide from emulators at the time.^[3] When first discovered in 2014 it was one of the most sophisticated Android remote administration tools known at that time.^[4] It was one of the first Trojan applications to get past Google's Bouncer and caused researchers to warn about it being easier to create Android malware due to it.^[5] It also seemed to follow in the footsteps of Zeus and SpyEye by having simple-to-use command and control panels.^[6] The code appeared to be leaked somewhere around 2014.^[7] It was noted that an apk binder was included in the leak, which provided a simple way to bind Dendroid to legitimate applications.

It is capable of:

Deleting call logs
Opening web pages
Dialing any number
Recording calls
SMS intercepting
Upload images, video
Opening an application
Able to perform a denial-of-service attack attack
Can change the command and control server^[8]

References

[1] ttp://www.symantec.com/connect/blogs/android-rats-branch-out-dendroid

[2] ttp://securityaffairs.co/wordpress/22848/cyber-crime/dendroid-new-android-rat.html

[3] ttps://www.bluecoat.com/security-blog/2014-05-27/dendroid-under-hood-%E2%80%93-look-inside-android-rat-kit

[4] ttps://www.helpnetsecurity.com/2014/03/07/dendroid-spying-rat-malware-found-on-google-play/

[5] ttp://www.pcworld.com/article/2105500/new-crimeware-tool-dendroid-makes-it-easier-to-create-android-malware-researchers-warn.html

[6] ttps://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=718

[7] ttp://www.securityweek.com/source-code-android-rat-dendroid-leaked-online

[8] ttp://thehackernews.com/2014/03/symantec-discovered-android-malware.html

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

@@ Line 1: / Line 1: @@
-'''Dendroid''' is a [[Malware]] that affects Android OS and targets the mobile platform.<ref>http://www.symantec.com/connect/blogs/android-rats-branch-out-dendroid</ref>
+'''Dendroid''' is [[malware]] that affects Android OS and targets the mobile platform.<ref>http://www.symantec.com/connect/blogs/android-rats-branch-out-dendroid</ref>
-It was first discovered in early of 2014 by Symantec and appeared on the underground for sale for $300.<ref>http://securityaffairs.co/wordpress/22848/cyber-crime/dendroid-new-android-rat.html</ref>
+It was first discovered in early of 2014 by Symantec and appeared in the underground for sale for $300.<ref>http://securityaffairs.co/wordpress/22848/cyber-crime/dendroid-new-android-rat.html</ref>
 Some things were noted in Dendroid, such as being able to hide from emulators at the time.<ref>https://www.bluecoat.com/security-blog/2014-05-27/dendroid-under-hood-%E2%80%93-look-inside-android-rat-kit</ref>
-When first discovered in 2014 it was one of the most sophisticated Android RATs known during that time<ref>https://www.helpnetsecurity.com/2014/03/07/dendroid-spying-rat-malware-found-on-google-play/</ref>
+When first discovered in 2014 it was one of the most sophisticated Android [[Remote administration software|remote administration tool]]s known at that time.<ref>https://www.helpnetsecurity.com/2014/03/07/dendroid-spying-rat-malware-found-on-google-play/</ref>
-It was one of the first Trojan applications to get past Google's Bouncer and caused researchers to warn about it being easier to create Android malware due to it<ref>http://www.pcworld.com/article/2105500/new-crimeware-tool-dendroid-makes-it-easier-to-create-android-malware-researchers-warn.html</ref>
+It was one of the first [[Trojan horse (computing)|Trojan application]]s to get past Google's Bouncer and caused researchers to warn about it being easier to create Android malware due to it.<ref>http://www.pcworld.com/article/2105500/new-crimeware-tool-dendroid-makes-it-easier-to-create-android-malware-researchers-warn.html</ref>
-It also seemed to follow in the footsteps of Zeus and SpyEye by having simple to use [[Command and control]] panels<ref>https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=718</ref>
+It also seemed to follow in the footsteps of [[Zeus (malware)|Zeus]] and SpyEye by having simple-to-use [[Command and control (malware)|command and control]] panels.<ref>https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=718</ref>
-The code appeared to be leaked somewhere around 2014<ref>http://www.securityweek.com/source-code-android-rat-dendroid-leaked-online</ref>
+The code appeared to be leaked somewhere around 2014.<ref>http://www.securityweek.com/source-code-android-rat-dendroid-leaked-online</ref>
-It was noted that an [[File binder|apk binder]] was included in the leak which provided a simple way to bind dendroid to legitimate applications.
+It was noted that an [[File binder|apk binder]] was included in the leak, which provided a simple way to bind Dendroid to legitimate applications.
-''It's capable of''
+It is capable of:
-* deleting call logs
+* Deleting call logs
 * Opening web pages
 * Dialing any number
@@ Line 18: / Line 18: @@
 * Upload images, video
 * Opening an application
-* Able to perform DoS attack
+* Able to perform a [[denial-of-service attack]] attack
 * Can change the command and control server<ref>http://thehackernews.com/2014/03/symantec-discovered-android-malware.html</ref>
 ==See also==
 * [[Botnet]]
-* [[Command and control (malware)]]
-* [[Denial-of-service attack]]
-* [[File binder]]
 * [[Shedun]]
-* [[Trojan horse]]
 * [[Zombie (computer science)]]
-* [[Zeus (malware)]]
 ==References==