Italian-based Android RAT spies on mobiles in Japan and China, say researchers

Researchers discover an Italian-based Android RAT designed for spying that is targeting mobile devices using their unique identification codes

Security researchers have discovered an Android remote access Trojan (RAT) that is targeting specific rooted mobile devices in China and Japan.

The RAT appears to be designed as a spy tool with the ability to take screenshots, listen in on phone calls and upload the data to command and control (C&C) servers based in Italy, according to researchers at security firm Bitdefender.

The researchers believe that up to 80% of China’s mobile users are at risk due to the prevalence of rooted phones in the marketplace.

However, the RAT appears to target specific Android users: in samples analysed in the first half of 2016, targets are selected by their mobile devices’ unique international mobile equipment identity (IMEI) codes.

Although the RAT seems to be designed to work only on rooted devices, the researchers said that, where a targeted device is not rooted, previous Bitdefender research has shown that some malicious Android applications include the capability of rooting Android devices, regardless of the version of the operating system they are running.

Other security researchers have also revealed that some malware can even pack up to 18 different Android rooting modules to gain full control over the device. However, in that particular instance, the Trojan was used to generate revenue only by downloading and installing apps on victims’ devices, not to install surveillance tools.

Consequently, it is not difficult to envision a scenario in which a device can be stealthily rooted and then remotely controlled with a RAT, the researchers said.

The fact that the malware uses specific IMEI codes to select victims, they said, indicates that it is possibly part of a wider attack that is yet to be uncovered. This is because this type of selectivity is typically associated with advanced persistent threat (APT) operations.

Bitdefender said the RAT has been distributed under two package names, “it.cyprus.client” and “it.assistenzaumts.update”, which both have the same functionality with zero impact on the target device.

To safeguard against threats such as these, the Bitdefender researchers said it is imperative that mobile devices always have a suitable mobile security system in place to prevent malicious packages from installing.

Users should also make sure they only download verified apps from official marketplaces, they said.

Unofficial sources of Android apps are the biggest potential sources of malware, which could compromise corporate networks and data where employee-owned devices are also used for business.

Businesses must ensure mobile security controls are deployed and enforced on every device used to access corporate data and apps, according to MobileIron’s latest mobile security and risk review.

Enterprises continue to fall short when it comes to protecting corporate data on mobile apps and devices, the report said, with only 8% of companies enforcing operating system updates and less than 5% using app reputation or mobile threat detection software.

1 comment

RAT indeed. Living in a tech world is way too much like running through Times Square in the nude.... Oh wait, people are already doing that. But since I'd prefer not to be fully exposed, there's no reason to tolerate this invasion of privacy. What I'm missing here is (1) how to drown the RAT and (2) how to sue the company that compromised my mobile.