This Android malware claims to give hackers full control of your smartphone

LASER_oneXM

Feb 4, 2016
Researchers detail Rogue RAT, which provides even low-level cyber criminals with the ability to read your messages, steal your passwords and even record your calls.

A new combination of two older types of malware, which provides hackers with access to almost everything a user does on an Android smartphone, is up for sale on underground forums for as little as $29.99 – providing even low-level cyber criminals with the ability to steal sensitive personal data.

The 'Rogue' remote administration tool (RAT) infects victims with a keylogger, allowing attackers to easily monitor the use of websites and apps in order to steal usernames and passwords, as well as financial data. The low cost of the malware reflects the increasing sophistication of the criminal ecosystem that is making it possible for wannabe crooks with limited technical skills to acquire the tools to stage attacks.

ForgottenSeer 85179

After being downloaded onto a smartphone, Rogue asks for the permissions that it needs for the hacker to remotely access the device – although the download obviously doesn't mention that this is the reason why they're needed. If the permissions are not granted, it will repeatedly ask the user to grant them until they do.

Once the permissions have been gained, Rogue registers itself as the device administrator and hides its icon from the home screen.

Device administrator permission needs to be allowed manually by the user. It's not a simple click on "yes".
I don't think this is a real threat.
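The article excerpt quoted above describes Rogue registering itself as a device administrator and hiding its launcher icon. As an added illustration, not part of this thread or of Check Point's report, here is a small Python triage helper that parses `adb shell dumpsys device_policy` output and flags enabled device admins that are not on an allowlist of expected packages; the dumpsys sample, the package names in it and the allowlist are constructed for the example, and the parser assumes the real output uses the same `ComponentInfo{package/receiver}:` lines followed by an indented `policies:` list.

```python
"""Triage helper (hypothetical, added example): list enabled device admins from
`adb shell dumpsys device_policy` output and flag the ones an analyst did not expect.

Usage on a real device: adb shell dumpsys device_policy > dp.txt, then feed the
file contents to parse_device_admins(). The sample below is constructed."""
import re
from typing import Dict, List

# Constructed sample of dumpsys output (assumption: same shape as real output).
SAMPLE_DUMPSYS = """\
Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    ComponentInfo{com.google.android.gms/com.google.android.gms.auth.managed.admin.DeviceAdminReceiver}:
      uid=10048
      testOnlyAdmin=false
      policies:
        force-lock
        wipe-data
    ComponentInfo{com.example.flashlight/com.example.flashlight.AdminReceiver}:
      uid=10231
      testOnlyAdmin=false
      policies:
        wipe-data
        disable-camera
"""

# Hypothetical allowlist; in practice this comes from the MDM/inventory of packages
# that are expected to hold device-admin rights on managed devices.
KNOWN_ADMIN_PACKAGES = {"com.google.android.gms", "com.android.settings"}

# One line per enabled admin: ComponentInfo{<package>/<receiver class>}:
COMPONENT_RE = re.compile(r"ComponentInfo\{([\w.]+)/([\w.$]+)\}:")
# Policy names are listed one per line, indented by exactly eight spaces.
POLICY_RE = re.compile(r"^\s{8}([a-z-]+)\s*$")


def parse_device_admins(dumpsys_text: str) -> Dict[str, dict]:
    """Return {package: {"receiver": class, "policies": [...]}} for each admin."""
    admins: Dict[str, dict] = {}
    current = None
    in_policies = False
    for line in dumpsys_text.splitlines():
        match = COMPONENT_RE.search(line)
        if match:
            # New admin entry starts; reset policy-list state.
            current = match.group(1)
            admins[current] = {"receiver": match.group(2), "policies": []}
            in_policies = False
            continue
        if current is None:
            continue
        if line.strip() == "policies:":
            in_policies = True
            continue
        if in_policies and POLICY_RE.match(line):
            admins[current]["policies"].append(line.strip())
    return admins


def flag_unknown_admins(admins: Dict[str, dict], allowlist) -> List[str]:
    """Packages holding device-admin rights that are not on the allowlist."""
    return sorted(pkg for pkg in admins if pkg not in allowlist)


if __name__ == "__main__":
    found = parse_device_admins(SAMPLE_DUMPSYS)
    for pkg in flag_unknown_admins(found, KNOWN_ADMIN_PACKAGES):
        info = found[pkg]
        print(f"UNEXPECTED device admin: {pkg} ({info['receiver']}) "
              f"policies={', '.join(info['policies'])}")
```

The check is deliberately allowlist-based: a device admin that is not a known MDM or platform component is worth a look regardless of its name, since a malicious app can call itself anything and, as the article notes, may no longer have a visible launcher icon.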

upnorth

Jul 27, 2015
Device administrator permission needs to be allowed manually by user. It's not a simple click on yes.
I don't think this is a real threat.
If the actual professional researchers at CheckPoint not only created/posted an official report about it, but also flag it as malicious, I would bet my ass it's a real threat.

Dave Russo

May 26, 2014
Is there any info on what security product detects and blocks this? The link above has a "TOOLS" link with an instant security assessment test. My results:

6 potential threats were found during the CheckMe assessment

Malware Infection - vulnerable
Command & Control Communication - vulnerable
Zero Day - vulnerable
Browser Exploit - vulnerable
Anonymizer Usage - vulnerable
Data Leakage - vulnerable

I have Kaspersky Total Security, and as the test was running it was denying the downloads, yet my results, as shown, are a supposed complete fail. Anyone else getting better results? Or is this test just to market Checkpoint's product???

ForgottenSeer 89360

Every piece of malware is a real threat; the question is who it is relevant to.
People not installing apps frequently and not installing them from untrusted sources are not threatened.

struppigel

Apr 9, 2020
Guys and gals. This report on the Checkpoint site linked by @upnorth was written by researchers, not by marketing or PR. These are skilled and technical colleagues who would not risk their reputation and artificially boast threats for marketing purposes. Marketing people and researchers are very different in their goals and methods. For marketing, oversimplification and exaggeration are valid methods to tap into people's emotions and sell more.

Researchers live from publications and reputation. If a scientific researcher is not accurate, exaggerates, or worse, lies, their career is over. A career like ours needs trust first and foremost.

Yes, they obviously have their mandatory lines in the end with links to the Checkpoint products, but that's because they work for Checkpoint and some requirements do have to be met. There are naturally links on the Checkpoint website to their tools with marketing purposes, which has nothing to do with the report and is off topic at this point. Please cease discussing their security assessment in this thread. You can create a new thread for that purpose.

Edit: The first two paragraphs about researchers not boasting threats pertain to the "this is no real threat" discussion.

Dave Russo

May 26, 2014
I believe @Dave Russo was referring to a product that has nothing to do with the researchers or the threat in question, which is this:

This is a bit off-topic and has nothing to do with the Android malware article.

I’ve edited my post not to include any information on this assessment.
Yes, you are right, my comments were in reference to the test on the link. Sorry, I should have been more careful.

upnorth

Jul 27, 2015
Rogue uses Firebase’s services as a C&C (command and control) server, which means that all of the commands that control the malware and all of the information stolen by the malware is delivered using Firebase’s infrastructure.
Abusing Google's free messaging service Firebase is something I also saw in another very good report from Cisco Talos.

How common or rare this connection/use is today, I don't have much of a clue other than from what the researchers reported. It's for sure a smart approach for avoiding and bypassing C&C (command and control) takedowns.