CyberWisdom Safe Harbor Commentary on AndroRAT
A story from blog.trendmicro.com that is likely to be overlooked describes how Trend Micro discovered a new variant of the Android Remote Access Tool (AndroRAT), identified as ANDROIDOS_ANDRORAT.HRXC, that can inject root exploits to perform malicious tasks such as silent installation, shell command execution, WiFi password collection and screen capture. This AndroRAT targets CVE-2015-1805, a vulnerability publicly disclosed in 2016 that allows an attacker to compromise older Android devices and escalate privileges.
AndroRAT Exploits
RATs have long been a common Windows threat, so their appearance on Android should not be surprising. A RAT must hold root privileges, usually obtained by exploiting a vulnerability, to take full control of the system. AndroRAT first appeared in 2012 as a university project: an open-source client/server application that provided remote control of an Android system, which naturally attracted cybercriminals.
This new variant of AndroRAT disguises itself as a utility called TrashCleaner, presumably downloaded from a malicious URL. When TrashCleaner first runs, it prompts the user to install a Chinese-labeled calculator application that resembles the pre-installed system calculator. At the same time, the TrashCleaner icon disappears from the device's UI and the RAT is activated in the background.
The configurable RAT service is controlled by the remote server, which issues commands to trigger different operations. This variant activates its embedded root exploit whenever a privileged operation is required. It retains the following malicious actions of the original AndroRAT:
Record audio
Take pictures with the device camera
Theft of system information such as phone model, phone number and IMEI
Theft of the names of WiFi networks the device has connected to
Theft of call logs, including incoming and outgoing calls
Theft of mobile network cell location
Theft of GPS location
Theft of the contacts list
Theft of files on the device
Theft of the list of running apps
Theft of SMS messages from the device inbox
Monitoring of incoming and outgoing SMS messages
In addition to the original AndroRAT functionality, the new variant performs these privileged operations:
Theft of mobile network information, storage capacity and whether the device is rooted
Theft of the list of installed applications
Theft of web browsing history from pre-installed browsers
Theft of calendar events
Call recording
Upload of files to the victim device
High-resolution photo capture with the front camera
Deletion of SMS messages and sending of forged SMS messages
Screen capture
Shell command execution
Theft of WiFi passwords
Silent enabling of accessibility services for a key logger
Google patched CVE-2015-1805 in March 2016, but devices that no longer receive patches, or whose patches roll out slowly, may still be affected by this new AndroRAT variant. Older Android versions that are still in use by a large number of mobile users may remain vulnerable.
AndroRAT Exploits Countermeasures
Users should avoid downloading applications from third-party app stores to avoid threats such as AndroRAT. When it comes to device security, downloading only from a legitimate app store goes a long way. Regularly updating the device's operating system and applications also reduces the risk posed by new exploits.
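As an added example (not code from the Safe Harbor post, from Trend Micro, or from the AndroRAT project), the following POSIX shell script turns the advice above into three concrete checks a defender can run over `adb`: whether the device's security patch level predates the March 2016 fix for CVE-2015-1805, which third-party packages were installed outside the Play Store, and whether any enabled accessibility service belongs to such a sideloaded package, the combination the post describes for the silent key logger. The `adb` commands named in the comments are real; the sample outputs, package names and service names are constructed for the demonstration and are hypothetical.

```shell
#!/bin/sh
# Added triage helper: not code from the Safe Harbor post or from Trend Micro.
# It checks the three things the post's advice hinges on, using the output of
# real adb commands: the device security patch level, which third-party
# packages were not installed by the Play Store client (sideloaded), and which
# accessibility services are enabled. The SAMPLE_* strings are constructed
# stand-ins for live output; the package and service names are hypothetical.

# The post reports that Google patched CVE-2015-1805 in March 2016.
FIX_PATCH_LEVEL="2016-03-01"

# Constructed sample of: adb shell getprop ro.build.version.security_patch
SAMPLE_PATCH="2015-12-01"

# Constructed sample of: adb shell pm list packages -3 -i
# (-3 = third-party packages only, -i = show the installing package;
#  installer=null means the app did not come through a store client)
SAMPLE_PACKAGES='package:com.example.calc  installer=null
package:com.example.cleaner  installer=null
package:com.example.bank  installer=com.android.vending
package:com.example.notes  installer=com.android.vending'

# Constructed sample of: adb shell settings get secure enabled_accessibility_services
SAMPLE_A11Y='com.example.cleaner/.HelperService:com.android.talkback/.TalkBackService'

# Succeeds when patch level $1 (YYYY-MM-DD) is older than $2.
# Hyphens are stripped so the two dates compare as integers.
patch_is_stale() {
    [ "$(printf '%s' "$1" | sed 's/-//g')" -lt "$(printf '%s' "$2" | sed 's/-//g')" ]
}

# Prints the package names from "pm list packages -3 -i" output ($1)
# whose installer is not the Play Store client.
list_sideloaded() {
    printf '%s\n' "$1" | grep -v 'installer=com.android.vending' \
        | sed -n 's/^package:\([^ ]*\).*/\1/p'
}

# Prints each enabled accessibility service (package/.Class), one per line,
# from the colon-separated settings value ($1).
list_a11y_services() {
    printf '%s\n' "$1" | tr ':' '\n' | sed '/^$/d'
}

# Prints enabled accessibility services that belong to a sideloaded package:
# $1 is the raw package list, $2 the raw accessibility setting.
suspicious_a11y() {
    sideloaded=$(list_sideloaded "$1")
    list_a11y_services "$2" | while IFS= read -r svc; do
        pkg=${svc%%/*}
        if printf '%s\n' "$sideloaded" | grep -qxF "$pkg"; then
            printf '%s\n' "$svc"
        fi
    done
}

# Human-readable summary for one device.
report() {
    if patch_is_stale "$1" "$FIX_PATCH_LEVEL"; then
        echo "WARN: security patch level $1 predates the $FIX_PATCH_LEVEL fix for CVE-2015-1805"
    else
        echo "OK:   security patch level $1"
    fi
    echo "Sideloaded third-party packages:"
    list_sideloaded "$2" | sed 's/^/  /'
    echo "Accessibility services enabled for sideloaded packages:"
    suspicious_a11y "$2" "$3" | sed 's/^/  /'
}

# Run against the constructed samples. On a live device, replace the three
# arguments with: "$(adb shell getprop ro.build.version.security_patch)",
# "$(adb shell pm list packages -3 -i)" and
# "$(adb shell settings get secure enabled_accessibility_services)".
report "$SAMPLE_PATCH" "$SAMPLE_PACKAGES" "$SAMPLE_A11Y"
```

The patch-level check is the direct test for the post's point about devices that never received the March 2016 fix; the other two checks surface the sideloaded app that an icon-hiding dropper leaves behind and any accessibility service it registered, which a user would otherwise only notice by browsing the Accessibility settings screen.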

A new variant of the dreaded AndroRAT malware appeared in threat landscape
Security researchers from Trend Micro detected a new variant of the popular AndroRAT Android RAT in the criminal ecosystem. Security experts from Trend Micro reported the availability of a new variant of the popular AndroRAT. The malware was first born in 2012 as a university project, designed as an open-source client/server application to offer remote…
Trend Micro detected a new variant of Android Remote Access Tool (AndroRAT) (identified as ANDROIDOS_ANDRORAT.HRXC) that has the ability to inject root exploits to perform malicious tasks such as silent installation, shell command execution, WiFi password collection, and screen capture. This AndroRAT targets CVE-2015-1805, a publicly disclosed vulnerability in 2016 that allows attackers to penetrate a number of older Android devices to perform its privilege escalation. Post from: Trendlabs Security Intelligence Blog – by Trend Micro.

The post Android Owner Warning: New AndroRAT Exploits Dated Permanent Rooting Vulnerability, Allows Privilege Escalation appeared first on Safe Harbor on Cyber.