New Android Threat on the Prowl: Krysanec Malware Masquerades as Legitimate Apps, Unleashes Remote Access Trojans within Your Smartphones
Krysanec malware can even give hackers remote access to your location, along with enabling them to remotely record your phone calls.

Google Android has become the target of hackers and cyber-criminals who are looking at bombarding the most popular mobile operating system in the world with new sophisticated threats.

Falling into this category of sophisticated threats is a new piece of malware discovered by researchers at online security firm ESET that unleashes a trojan-horse called Krysanec, which is a Remote Access Trojan (RAT).

Krysanec infects Android devices by masquerading as legitimate applications, and even displays dubious credentials of its creators, to trick Android smartphone users into downloading the app, post which the trojan opens backdoors for hackers to remotely gain access to user data.

Once on a host device, Krysanec allows its creators to add extra functionality in the form of additional plug-in modules that can potentially upgrade the existing basic malware capabilities of Krysanec.

The additional plug-ins, once executed and installed within the infected Android device, could allow the hackers to record audio via the device's microphone, tap into the user's text messages/contacts list, send text messages and even detect the user's location with the help of the host Android device's GPS functionality.

How Krysanec spreads?

According to ESET, the most common mechanism used by Krysanec is disguise.

The Android malware poses as one of the popular applications such as cracked versions of various popular paid apps /games, and deceives users to download the application.

This phenomenon is common when users prefer third-party repositories (over the more secure Google Play Store), to download popular apps.

"Quite often the legitimate functionality is present, but with a malicious aftermarket addition – the very essence of a trojan horse," say ESET engineers.

Folks at ESET also warn that the malware can be injected by cyber-criminals into really legitimate applications, which leads to the malware spreading even faster.

Krysanec-infested Android apps

ESET states that its engineers have detected the Krysanec Android RAT in a malicious version of the Mobile Bank application, which is a banking app used by prominent banks in Russia. A spurious application (containing Krysanec) masquerading as the 3G Traffic Guard application (3G Traffic Guard monitors data usage) was also discovered.

Also, ESET's security experts say that Krysanec has been circulating on various Russian filesharing web-portals and social networks in the country.

"The malware was found to be distributed through several channels, including a typical filesharing (think Warez) site or a Russian social network. The screenshots below show an account that was used to host the trojan lurking inside legitimate apps," they said.

This suggest that Krysanec is being primarily targeted at Android smartphone users in Russia.

Combating Krysanec

Since Krysanec has been found to invade third-party app repositories, users are advised to choose trustworthy app stores such as Google Play.

Also, Android owners should examine the apps that they choose to install on their devices, users searching for apps from less reliable sources (other than the Google Play store), and those on the lookout for cracked versions of popular apps are advised to install state-of-the-art security solutions within their devices, and examine all permissions that the app requests for.