Anew type of Android malware that provides hackers with a nearly-full access to a user’s Android smartphone is doing the rounds on underground forums. Called ‘Rogue’ remote administration tool (RAT), the malware infects victims with a keylogger, allowing attackers to easily monitor the use of websites and apps in order to steal usernames and passwords, as well as more sensitive information like a user’s financial data. The malware, according to reports, is available on underground forums for as low as $29.99 (roughly Rs 2,200).
This low-cost malware threatens a full-scale takeover of a victim’s smartphone, monitoring the GPS location on the target, taking screenshots, using the camera to take pictures, secretly recording audio from calls and more. The virus does all this while being hidden from the owner of the smartphone. All an attacker needs is their own smartphone to issue commands on an infected device. This malware has been detailed by cybersecurity researchers at Checkpoint Research as a combination of two previous families of Android RATs – Cosmos and Hawkshaw – and demonstrates the evolution of malware development on the dark web.
While there is no single way in which hackers install Rogue, it is usually pushed on a victim’s smartphone either by phishing, malicious apps, or other such methods. After being downloaded on a smartphone, Rogue asks for permissions that it needs for the hacker to remotely access a smartphone. If the permissions are not granted, it will repeatedly ask the user to grant them until they do (like many other apps these days).
Once the permissions are granted, Rogue registers itself as the device administrator and hides its icon from the home screen. If the user tries to remove it as the administrator, they are met with a “Are you sure to wipe all the data?” prompt, something that mostly scares people off attempting to remove the installation, fearing they’ll wipe their entire device.
The Rogue RAT exploits Google’s Firebase service for apps in order to pretend to be a legitimate app on the device and help it remain embedded and active. Once successfully installed on a device, the malware also installs its own notification service, allowing hackers to examine what notification and pop-ups a victim receives.
The only way to avoid falling victim to this is to not click and suspicious links or download apps from outside sources other than Google Play and Apple App Store. Further, it is also important to make sure all security updates are installed on the device.