Malware Alert: SandroRAT Masquerades as Anti-Virus App, Infects Your Mobile Devices and Steals Confidential Data
SandroRAT is used by hackers, to affect mobile devices, and steal users' confidential information.Reuters

Newer malware programs, designed to invade digital privacy of users and suck out confidential information, are constantly on the rise, and these rogue programs are being updated with enhanced destructive ability by hackers across the world.

One such Android malware program has been detected in Europe, by researchers at McAfee Labs., and this malware is an Android Remote Access Trojan (RAT), termed as SandroRAT, which affects users on mobile devices by masquerading as a legitimate Anti-Virus application that transmits via phishing email messages.

"Recently McAfee Labs received a new mobile malware sample from a customer in Poland with the name Kaspersky_Mobile_Security.apk. It arrives as an attachment with a phishing email message," states Kaspersky, in an official blog post.

The malware targets users' mailbox, and transmits via a an email message which states that users' (particular) bank is providing a free mobile security application to detect malware that steals SMS codes for authorizing electronic transactions.

This email message is transmitted to users' mailbox, with the subject "Caution! Detected Malware on your phone!", which seemingly tricks mobile users into opening and downloading the rogue attachment.

However, the attachment is in fact a variant of the SandroRAT malware that steals users' confidential data, and transmits stolen data to cyber criminals.

According to security researchers at McAfee Labs, SandroRAT is capable of the following criminal activities:

  • Steal sensitive personal information such as contact list, SMS messages (inbox, outbox, and sent), call logs (incoming, outgoing, and missed calls), browser history (title, link, date), bookmarks and GPS location (latitude and longitude).
  • Intercept incoming calls and record those in a WAV file on the SD card to later leak the file.
  • Update itself (or install additional malware) by downloading and prompting the user to install the file update.apk.
  • Intercept, block, and steal incoming SMS messages.
  • Send MMS messages with parameters (phone number and text) provided by the control server.
  • Insert and delete SMS messages and contacts.
  • Record surrounding sound and store it in an adaptive multi-rate file on the SD card to later send to a remote server.
  • Open the dialer with a number provided by the attacker or execute USSD codes.
  • Display Pop-Up messages on the infected device.

Combating SandroRAT

McAfee states that to combat the SandroRAT malware, it is imperative for users to install a trusted anti-malware software program within their mobile devices, and keep the program's database updated at all times.

As of now, SandroRAT has been found to target mobile users in Poland, who prefer to indulge themselves in online banking.

"Spam campaigns (via SMS or email) are becoming a very popular way to distribute Android malware, which can steal personal information or even obtain complete control of a device with tools like SandroRAT. This attack gains credence with the appearance of a bank offering security solutions against banking malware, a typical behaviour of legitimate banks.

"McAfee Mobile Security detects this Android threat and alerts mobile users if it is present, while protecting them from any data loss", add engineers at McAfee Labs.