Hey, guys! How y’all doing?
As the blog title suggests, today we’re going to take a look at a new Android malware that has popped up, with the sole purpose of making our lives difficult - as usual.
This Android malware, called ‘Rogue’, is a RAT (remote access trojan) that allows cyber criminals to pretty much conduct a full-scale espionage on the affected device. Unsurprisingly, just like most malware activity, victims would be completely clueless as to what’s happening to their device and privacy.
I’m sure you’ve got a hundred questions in your minds by now. So, let’s go rogue with Rogue!
Rogue isn’t a completely new malware on its own. It’s considered new but in technicality, it’s the destructive end result of the combination of 2 older types of malware. Researchers at Check Point have concluded that it’s a combination of two previous families of Android RATs – Cosmos and Hawkshaw. In their research, they have also demonstrated the evolution of malware development on the dark web.
Destructive, why? Because it supplies hackers with complete access to just about everything a smartphone user does on their devices.
Distressingly, researchers have discovered that Rogue is up for sale in dark web forums for as low as $29.99 (RM121.47). The cheap price tag for such a powerful malware has equipped even wanna-be cyber criminals and rookies with the ability to steal delicate private data.
“The low cost of the malware reflects the increasing sophistication of the criminal ecosystem that is making it possible for wannabe crooks with limited technical skills to acquire the tools to stage attacks.”
As mentioned earlier, Rogue is a RAT* (remote access trojan). It infects devices with a keylogger that enables hackers to effortlessly observe user activity, in terms of websites and apps. This is how they end up stealing victims’ credentials (usernames & passwords) as well as financial data.
This is what Rogue is capable of:
- Monitoring the GPS location of the target
- Taking screenshots
- Using the camera to take pictures
- Secretly recording audio from calls
- ... and more!
All the hackers need to operate this malware to spy on others is a smartphone of their own - to issue commands.
A remote access trojan (RAT) is a malware program that includes a back door for administrative control over the target computer. RATs are usually downloaded invisibly with a user-requested program -- such as a game -- or sent as an email attachment. Once the host system is compromised, the intruder may use it to distribute RATs to other vulnerable computers and establish a botnet.
How rogue is Rogue?
There’s no one way to install this malware. Hackers have the upper hand because they get to choose the method of infection, whether by phishing, malicious apps, or something else. That’s how flexible and ‘accommodating’ Rogue is.
Rogue’s journey to successful exploitation
Once Rogue’s on a smartphone, Rogue asks for many different permissions required for hackers to remotely access the infected device. Of course, the download doesn’t mention the real reason behind these permissions. In the event a user doesn’t grant the permissions, Rogue will repeatedly ask him/her to grant them until the victim gives in.
The malware gets around being detected as malicious by exploiting Google's Firebase service for apps in order to masquerade as a legitimate app on the device and help it remain embedded and active.
Once it successfully embeds itself on a device, the malware then goes on to install its own notification service, that gives the perpetrators the ability to monitor what notification and pop-up the victim receives. This opens up the opportunity for them to further dig what data is available on the infected device.
So, what’s the takeaway for smartphone users?
As long as there are bad guys, malware and cyber crime will exist. So, the best thing we can do is to protect ourselves as much as possible.
In this case, installing security updates as and when they’re provided is one of the best ways to avoid falling victim to mobile malware. This way hackers can’t exploit known vulnerabilities to deliver malware - since it’ll already be patched.
Besides this, another good learning is to be wary of the various permissions an application asks for. Ask yourself if the app needs those permissions to carry out its purpose or if they’re completely unnecessary and unrelated. And, of course, only download and install apps from a trusted source in the official app store.
So, there you have it! For more interesting news and updates, sit tight and stay tuned.
Until next time, friends!