Skip to main content

Android Remote Access Trojan takes malware 'to a new level'

Malware coming up
Google turning into Windows when it comes to malware

A new breed of RAT has emerged according to security experts Fireeye, one that could bring havoc to our banking services.

Remote Access Tools (or RAT) on Android are nothing new but a new one called HijackRat goes further than its predecessors

Under the package name com.II and appearing as Google Service Framework, it can transmit your details, steal your money and carry out other malicious tasks in the background, anonymously and remotely.

When HiJackRat was first discovered, it appeared to be focusing on South Korea with eight banks from that country targeted. In addition, both the malware developer and its victims are Korean speakers a well.

What worried Fireeye is that only 10 per cent of a set of 54 antivirus vendors managed to detect that malware, mostly because of its ability to chance its command-and-control servers.

The two Fireeye researchers, who wrote the report, ended their analysis of com.II noting that "given the unique nature of how this app works, including its ability to pull down multiple levels of personal information and impersonate banking apps, a more robust mobile banking threat could be on the horizon."