SANDRORAT – Malware for your Android


According to McAfee researcher Carlos Castillo, an email spam campaign was spotted in Poland distributing a version of SandroRAT with the name “Kaspersky_Mobile_Security.apk.” The email tries to scare a user with the following subject: “Uwaga! Wykryto szkodliwe oprogramowanie w Twoim telefonie!” (“Caution! Detected malware on your phone!”) The latest iteration, called “SandroRAT,” appeared after the AndroRAT source code was put up for sale last year, he said.

SandroRAT is capable of carrying out a long list of malicious actions, including stealing SMS messages, contact lists, call logs, browser history (including banking credentials), and GPS location data stored in Android devices. The threat can also record nearby sounds using the device’s mic and store the data in an “adaptive multi-rate file on the SD card to later send to a remote server,” Castillo revealed. Once on the phone, the malware can execute a number of commands, including stealing information such as SMS messages and contact lists and intercepting and recording phone calls.

In a Monday interview with, Alex Hinchliffe, mobile malware research and operations manager at McAfee, said that SandroRAT could be built as a standalone application. Saboteurs could also inject legitimate apps with the malware, and in doing so, leave users none the wiser to the threat since other functions of their applications would likely be intact, he explained. “With a trojanized application, it looks and feels just like the [legitimate] application, and it probably has the same kind of functionality,” Hinchliffe said. Malware developers “will have to [digitally] re-sign the app when they do that. If they were to try to push this in the Google Play store, for instance, they’d have a lot more trouble but that’s why they try to attach it to a phishing email.”
