Google axed massive Android adfraud botnet Chamois from Play Store
The malware was originally a university project – meant to be an open-source application that provided remote control of an Android system REUTERS/Dado Ruvic/Illustration

A new variant of an Android malware has been discovered, which comes with extensive data-stealing and spying abilities, allowing hackers to gain access to almost all data on infected devices. The malware, dubbed AndroRAT, was first discovered in 2012.

The malware was originally a university project – meant to be an open-source application that provided remote control of an Android system. However, AndroRAT was eventually also discovered by cybercriminals, which in turn launched its malicious journey.

According to security researchers at Trend Micro, who discovered the new version of the malware, it targets a vulnerability that was publicly disclosed in 2016. Exploiting the flaw allows hackers to hijack older Android devices, allowing them access to an extensive amount of data stored in the infected devices. Although Google already patched the vulnerability, older Android devices may still be vulnerable.

"Ideally, any device launched or updated after April 2016 will not be vulnerable," Trend Micro researchers said in a blog.

The new version of the malware disguises itself as an app called TrashCleaner, which once installed, can allow hackers to perform various malicious activities. The malware can hijack devices to use the front camera to take high-resolution photos, record audio, steal files and more.

"The first time TrashCleaner runs, it prompts the Android device to install a Chinese-labeled calculator app that resembles a pre-installed system calculator. Simultaneously, the TrashCleaner icon will disappear from the device's UI and the RAT is activated in the background," Trend Micro researchers said.

In addition to possessing the original features of AndroRAT, such as stealing GPS location, contacts, Wi-Fi names, device model details, SMS messages and more, the new variant also comes with new abilities. These include the ability to steal a list of all the installed apps, steal browser history and Wi-Fi passwords, record calls, upload files into the infected device, send and delete SMS messages, install a keylogger and use the front camera to capture high resolution photos.

"Users should refrain from downloading apps from third-party app stores to avoid being targeted by threats like AndroRAT," Trend Micro researchers warned. "Downloading only from legitimate app stores can go a long way when it comes to device security. Regularly updating your device's operating system and apps also reduce the risk of being affected by exploits for new vulnerabilities."