New Malware Sold As A Service Wants To Be Your Hero

July 23, 2018

Yep, cybercrime is a business. We’ve mentioned this numerous times before. Recently, there was evidence of these groups operating as if they are 9 to 5 businesses, and now researchers at ESET have found another business-like operation selling malware…and even selling the source code at different pricing bundle levels based on functionality. Just decide if you want the bronze, silver, or gold package. This one targets all versions of Android on all Android devices. The malware is being called HeroRat and is available on Telegram hacking channels. Yes, they even have their own marketplaces.

A RAT is a remote access Trojan. These are designed to give a cybercriminal complete remote access to the victim’s device. HeroRat asks for permissions to install and even asks for administrator rights. Remember, never give these to any application unless you are 100% sure it needs them. Typically, only developers and systems administrators need these, and you can bet that most apps you install on your devices definitely do not need them.

HeroRat is spread via apps found in third-party app stores, on social media sites, and through various messaging apps. So, stick to downloading your apps from the official store for your device. In the case of Android, it’s the Google Play Store. Sideloading, which is the practice of using other sites besides the official stores, is often much riskier. Sideloaded apps often don’t go through the extra security checks needed to get them into the official stores. This is not exclusive to Android devices; it applies to all mobile products and all operating systems.

When the user tries to install it, this malware pops up a screen stating that it cannot be installed and will be uninstalled. The icon goes away, but the app keeps running in the background doing various nefarious things, including gathering data, recording calls, capturing screenshots, and generally controlling the device.

Be sure to install anti-virus software on your devices and keep it updated. Read reviews of anti-virus products too, and get them from reputable sources. If the reviews are negative or make a product sound “iffy” at all, you should avoid it and get a different one.

Stickley on Security
Published July 19, 2018