Italian Android RAT Targets China and Japan

Security researchers are warning of a new Android Remote Access Trojan (RAT) designed to target smartphones with specific IMEI numbers in China and Japan.

Samples of the RAT were analysed between December 2015 and June this year, with the malware only working on rooted devices, which are prevalent in China.

Some figures claim that up to 80% of Android smartphones in the Middle Kingdom are rooted.

However, even if a targeted device isn’t rooted, there is malware available on the cybercrime underground which will do that job, Bitdefender argued.

The security vendor has speculated that the malware could be part of an as-yet-undiscovered advanced persistent threat (APT) or similar.

The malware itself could arrive in the form of “it.cyprus.client” or “it.assistenzaumts.update”, and is loaded with functionality designed to take screenshots, listen in to phone conversations and send the information back to C&C servers in Italy.

Bitdefender warned users to only download apps from a trusted marketplace, and to install reputable AV on their handsets to protect against threats.

However, China for one is awash with third-party app stores, with the official Google Play Store virtually inaccessible to regular users.

This, combined with the tendency of users to root their phones, means there are ample opportunities for cyber-criminals to spread malware to devices.

In fact, the majority of Android malware victims are thought to be located in China.

Just last month a new piece of prolific malware was spotted by Check Point. The so-called HummingBad malware is said to have infected over 80 million users worldwide, with the majority in India and China.

That particular threat was spread by Chinese ‘advertising’ company Yingmob.

Google claimed in its Android Security 2015 Year in Review report this year that fewer than 0.15% of devices downloaded potentially harmful applications (PHAs) from Google Play in 2015, with the figure rising to 0.5% of devices when including third-party app stores.
