Threat Category: Malicious or privacy-invasive application
ID: APP-34
Threat Description: Malicious apps built with effective code execution exploits against the mobile OS and the ability to receive remote commands can provide a resourceful attacker with considerable control over a compromised mobile device. Remote control functionality has typically been used to surveil the user through built-in sensors, such as the microphone and camera. However, an attacker can potentially exercise any capability of the device.
Threat Origin
Not Applicable, See Exploit or CVE Examples
Exploit Examples
Dendroid malware can take over your camera, record audio, and sneak into Google Play [1]
Mobile RAT attack makes Android the ultimate spy tool [2]
CVE Examples
Not Applicable
Possible Countermeasures
Deploy MAM or MDM solutions with policies that prohibit the side-loading of apps, which may bypass security checks on the app.
Deploy MAM or MDM solutions with policies that prohibit the installation of apps from 3rd party (unofficial) app stores.
Use app-vetting tools or services to identify apps that appear to provide remote control to an attacker.
Use application threat intelligence services to identify apps flagged as providing remote access to an attacker.
Mobile Device User
Use the Android Verify Apps feature to identify potentially harmful apps.
When installing apps, be suspicious of those requesting access to OS services or sensors that do not appear related to the functionality of the app.
References
1. M. Rogers, “Dendroid malware can take over your camera, record audio, and sneak into Google Play”, blog, 6 Mar. 2014; https://blog.lookout.com/blog/2014/03/06/dendroid/ [accessed 8/31/16]
2. D. Storm, “Mobile RAT attack makes Android the ultimate spy tool”, Computerworld, 1 Mar. 2012; www.computerworld.com/article/2472441/cybercrime-hacking/mobile-rat-attack-makes-android-the-ultimate-spy-tool.html [accessed 8/25/2016]