LFI to RCE via access_log injection

Symantec discovered Android Malware Toolkit named Dendroid

android hacking tool download
Android platform is becoming vulnerable day by day and hackers always try to manipulate android by applying novel techniques. In this regard, Symantec researchers have found a new android malware toolkit named “Dendroid”.

Previously Symantec found an Android Remote admin tool named AndroRAT is believed to be the first malware APK binder. However, Dendroid runs on HTTP with many malicious features.

Dendroid toolkit is able to generate a malicious apk file that offers amazing features like:
  • Can delete call logs
  • Open web pages
  • Dial any number
  • Record calls
  • SMS intercepting
  • Upload images, video
  • Open an application
  • Able to perform DoS attack
  • Can change the command and control server
The author of Dendroid also offers 24/7 customer support for this RAT and Android users can buy this toolkit at $300 by paying Bitcoin, Lifecoin.

Experts at Symantec said that Dendroid has some connection with the previous AndroRAT toolkit. Dendroid being an HTTP RAT offers PHP panel, firmware interface, and an APK binder package. The official seller of Dendroid is identified as “Soccer” and it endow with amazing features that have never been offered before this.
Dendroid
Symantec believes that there is a strong marketplace for such malicious tools. Even on PC platform, many crimeware toolkits like Zeus (Trojan.Zbot) and SpyEye (Trojan.Spyeye) performed high profile crimes. Such toolkits became popular due to ease of use. Symantec is also observing over Dendroid and advice users to install Norton Mobile Security to detect this threat.

According to a well-known report, Android is a dominant player in spreading mobile malware. Due to open source platform, Android is on the target of cyber criminals. Many experts have also predicted that the year of 2014 will be of malware attacks and data theft. It is believed that these attacks will happen onmajor OS, including Android, iOS, and Blackberry, etc. 

It is sensible to download apps from trusted source (Google Play). If you download application from an unknown source, you may fall victim of a cyber attack.

Comments