A new Android Remote Administration Trojan (RAT) named Rogue is for sale on underground forums for as little as $29.99. The RAT is a combination of two older malware types and gives hackers full control of infected Android devices. Rogue can be installed by several different methods, usually through phishing or a malicious app. After being downloaded on a smartphone, Rogue will repeatedly ask for device administrator permissions. Once the permissions are granted, hackers can remotely access the device. Once Rogue is embedded, the threat actor can access the GPS location, take screenshots, use the camera, record audio from calls and more.
Binary Defense analysts have also tracked the sale of the Rogue Android RAT on criminal forums since early last year. Although Rogue has not been offered for sale recently, other forms of Android malware have been available and are often discussed on criminal forums. To avoid becoming a victim of mobile malware, first ensure that mobile devices always have the latest security update. Doing so will prevent the device from being subject to known vulnerabilities. Avoid apps that are downloaded from websites or from links in email and text messages. Android users should stick to Google Play and only install apps that have been available for at least a few weeks with positive reviews. Additionally, be wary of apps that ask for an excessive number of permissions to run on the device, especially device administrator or accessibility permissions. Be aware of social engineering campaigns, since threat actors often try to collect data through phishing texts and emails. Always verify the source when being asked for personal information and contact the organization directly if something seems suspicious.
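As an added example (not part of the original article), the Python sketch below shows one way to check an app for the permission pattern described above: it scans a decoded AndroidManifest.xml for device administrator and accessibility components, plus the location, camera and audio permissions. It assumes the manifest has already been decoded to plain XML (for example with apktool); the sample manifest and package name are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Permissions matching the capabilities the article attributes to Rogue.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "audio recording",
}
# Binding permissions that mark the two high-risk component types.
BINDINGS = {
    "android.permission.BIND_DEVICE_ADMIN": "device administrator",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility service",
}

def audit_manifest(xml_text):
    """Return sorted (kind, detail) findings for a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    findings = set()
    for perm in root.iter("uses-permission"):
        name = perm.get(ANDROID + "name", "")
        if name in SENSITIVE:
            findings.add(("permission", SENSITIVE[name]))
    for tag in ("receiver", "service"):
        for comp in root.iter(tag):
            kind = BINDINGS.get(comp.get(ANDROID + "permission", ""))
            if kind:
                findings.add((kind, comp.get(ANDROID + "name", "?")))
    return sorted(findings)

# Constructed sample manifest (not taken from any real app).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN"/>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for kind, detail in audit_manifest(SAMPLE):
        print(f"{kind}: {detail}")
```

A finding is a prompt for review, not a verdict: legitimate apps also use these permissions, so weigh them against what the app claims to do.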