Dendroid (malware)

{{Short description|Android based malware}}

Dendroid is malware that affects Android OS and targets the mobile platform.{{cite web | url=https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=a29d7d7a-f150-46cf-9bb9-a1f9f4d32a80&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments | title=Android RATs Branch out with Dendroid | publisher=Symantec | date=5 March 2014 | access-date=23 October 2016 | author=Coogan, Peter}}

It was first discovered in early of 2014 by Symantec and appeared in the underground for sale for $300.{{cite web | url=http://securityaffairs.co/wordpress/22848/cyber-crime/dendroid-new-android-rat.html | title=Dendroid – A new Android RAT available on the underground | publisher=securityaffairs.co | date=March 7, 2014 | accessdate=23 October 2016 | author=Paganini, Pierluigi}}

Certain features were noted as being used in Dendroid, such as the ability to hide from emulators at the time.{{cite web | url=https://www.bluecoat.com/security-blog/2014-05-27/dendroid-under-hood-%E2%80%93-look-inside-android-rat-kit | title=Dendroid under the hood – A look inside an Android RAT kit | publisher=Blue Coat Labs | date=May 27, 2014 | accessdate=23 October 2016 | author=Leder, Felix}}

When first discovered in 2014 it was one of the most sophisticated Android remote administration tools known at that time.{{cite web | url=https://www.helpnetsecurity.com/2014/03/07/dendroid-spying-rat-malware-found-on-google-play/ | title=Dendroid spying RAT malware found on Google Play | publisher=helpnetsecurity.com | date=March 7, 2014 | accessdate=23 October 2016 | author=Zorz, Zeljka}}

It was one of the first Trojan applications to get past Google's Bouncer and caused researchers to warn about it being easier to create Android malware due to it.{{cite web | url=http://www.pcworld.com/article/2105500/new-crimeware-tool-dendroid-makes-it-easier-to-create-android-malware-researchers-warn.html | title=New crimeware tool Dendroid makes it easier to create Android malware, researchers warn | publisher=PC World | date=Mar 6, 2014 | accessdate=23 October 2016}}

It also seems to have followed in the footsteps of Zeus and SpyEye by having simple-to-use command and control panels.{{cite web | url=https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=718 | title=Source Code leaks for Android RAT Dendroid | publisher=mysonicwall.com | date=Aug 29, 2014 | accessdate=23 October 2016}}

The code appeared to be leaked somewhere around 2014.{{cite web | url=http://www.securityweek.com/source-code-android-rat-dendroid-leaked-online | title=Source Code of Android RAT Dendroid Leaked Online | publisher=securityweek.com | accessdate=23 October 2016 | author=Kovacs, Eduard| date=20 August 2014 }}

It was noted that an apk binder was included in the leak, which provided a simple way to bind Dendroid to legitimate applications.

It is capable of:

• Deleting call logs
• Opening web pages
• Dialing any number
• Recording calls
• SMS intercepting
• Uploading images and video
• Opening an application
• Performing denial-of-service attacks
• Changing the command and control server{{cite web | url=http://thehackernews.com/2014/03/symantec-discovered-android-malware.html | title=Symantec discovered Android Malware Toolkit named Dendroid | publisher=thehackernews.com | date=March 5, 2014 | accessdate=23 October 2016 | author=Wei, Wang}}