A new type of virus has been found by IT security specialists in India. The new trojan called "Dendroid" has the ability to take over an Android smartphone and intercept incoming and outgoing messages.
"Dendroid" is a malicious toolkit that has been classified as a trojan, a type of malware program that uses social engineering to fool users into installing and/or activating their subroutines. Once activated, the virus can take over the server of an Android device compromising the SMS messages going in or out of the device. The existence of the virus was first reported by the Indian Computer Emergency Response Team (CERT-In) in Delhi India.
"It has been reported that a malicious toolkit called DENDROID is being used to create trojanised applications that infects Android-based smart phones," says CERT-In in their latest virus alert. "The malware is created by modifying the required permissions by any clean APK (Android Application Package) with Dendroid RAT functionality that allows detailed management of the infected devices."
CERT-In has also referred to the virus as an "attack toolkit" due to the numerous malicious actions it can perform on an Android device. The name "Dendroid" is also a cause for concern due to its similarity to the name of its primary target operating system Android.
"Upon installation of this malicious application, a remote attacker could completely compromise the affected android based smart phone and could control it remotely," adds CERT-In. "Some of the many features include the following: able to perform DOS attack, Initiate a HTTP flood (DoS) for a period of time; can change the command and control server; delete call logs; open web pages; dial any number; record calls & audio; SMS interception; upload images & video to remote location; open an application."
The level of control Dendroid can gain over an Android device is almost complete and security experts are concerned that the virus can start spreading in India. To keep Dendroid from spreading, CERT-In issued a number of possible countermeasures.
The security organization is urging users not to download and install apps from unknown or untrusted sources. Users are also urged to check the permissions required before installing an application and to run a full system scan on their devices using mobile antivirus apps. Moreover, it is also recommended for users to install currently available Android patches and updates to increase the security of an Android device.