What Is Xdm Service/remote Controls On Cell Phone

Biz & Information technology —

Android malware that gives hackers remote control is on rise

Tool lets hackers "bind" remote access tool to legitimate apps.

A banner ad from a malware marketplace for a "binder" kit for the Androrat remote administration tool. — A banner advertising from a malware market for a "binder" kit for the Androrat remote administration tool.

Symantec

Remote access tools have long been a major part of targeted hacker attacks on individuals and corporate networks. RATs take been used for everything from hacking the electronic mail boxes of New York Times reporters to capturing video and sound of victims over their webcams. Recently, wireless broadband and the power of smartphones and tablets have extended hackers' reach beyond the desktop. In a web log post yesterday, Symantec Senior Software Engineer Andrea Lelli described the ascent of an underground marketplace for malware tools based on Androrat, a remote administration tool that can give an attacker complete control over devices running the Android OS.

Androrat was published on GitHub in Nov 2012 as an open up source tool for remote assistants of Android devices. Packaged as a standard Android awarding (in an APK file), Androrat can be installed as a service on the device that launches at get-go-up or equally a standard "activity" application. In one case it'south installed, the user doesn't need to interact with the application at all—it tin can exist activated remotely by an SMS message or a call from a specific telephone number.

The app tin can grab phone call logs, contact data, and all SMS messages on the device, as well as capture messages as they come in. It tin can provide live monitoring of call action, take pictures with the phone's camera, and stream sound from the phone's microphone back to its server. It tin also mail "toasts" (application letters) on the screen, place phone calls, transport text letters, and open websites in the phone's browser. If it is launched equally an awarding (or "activity"), it tin can even stream video from the camera back to the server.

Hackers have taken Androrat's code and run with it. Recently, underground marketplaces for malware have begun to offer Androrat "binder" tools, which tin attach the RAT to the APK files of other legitimate applications. When a user downloads what appears to be a harmless app that has been leap to Androrat, the RAT gets installed along with the app without requiring additional user input, sneaking past Android's security model. Symantec reports that analysts have plant 23 instances of legitimate apps that have been turned into carriers for Androrat. The code has also been incorporated into other "commercial" malware, such as Adwind—a Java-based RAT that can be used confronting multiple operating systems.

Lelli said that Symantec has detected "several hundred" cases of Androrat-based malware infections on Android devices, mostly in the US and Turkey. But at present that binders are available to anyone willing to pay for them, the potential for infection to spread is growing rapidly.