Hackers target Android phones with HeroRAT

Enterprise Innovation editors

Security company Stealthcare has discovered new Android malware that allows attackers to take control of a user's device for data exfiltration.

Jeremy Samide, Stealthcare CEO, warned: “Android is an attractive target since it is the dominant operating system globally and many of its users run outdated versions on their smartphones, tablets and other devices. At minimum, update your OS to protect your devices from this and variants we expect to see in the near future.” 

Stealthcare emphasizes threat assessment as an essential cybersecurity component so that organizations can play offense in the increasingly sophisticated cyberwar. It introduced a new cybersecurity and threat assessment platform called 'Zero Day Live' in 2017.

“We initially observed the malware HeroRAT being distributed to those wishing to gain control over Android devices,” the report states.

“This is a Remote Access Trojan that abuses the Telegram protocol so that hackers can gain command and control (C2) for data exfiltration. By using Telegram for C2 the hackers avoid detection because the traffic is between the user and trusted upload servers.”

Samide warned clients: “Although the malware’s source code is publicly available, disreputable operators offer paid models which include customer support. HeroRAT works on all Android versions but requires the victim to accept permissions that include gaining administrator privileges. The hackers rely on various attack vectors including third-party applications, social media and messaging.”

Samide, who has supported the US Department of Defense, intelligence community and federal law enforcement agencies, continued: “Protecting widely deployed operating systems like Android from hackers of all types is not an easy task but we have to take the gloves off and fight back.”

First published in Enterprise Innovation
