Check Point Research discovers aggressive Android malware named “Rogue”

Researchers at Check Point Research (CPR) recently discovered that an Android malware developer is collaborating with a Dark Web marketer on a product called ‘Rogue’. It gives attackers nearly full control of a victim’s Android smartphone: the malware can take over the device and exfiltrate data such as images, location, contacts, and messages.

A new aggressive malware product

The malware supplier, which goes by the name ‘Triangulum’ on various Dark Web forums, first appeared there in early 2017. Initially, Triangulum sold a mobile RAT (Remote Access Trojan) targeting Android devices; it could exfiltrate sensitive data to C&C servers and destroy data on the device. A few months later, the supplier started offering other Android malware. After that, Triangulum disappeared from the radar for nearly 1.5 years, until April 6, 2019. On that day, Triangulum, together with HexaGoN Dev, a developer specializing in Android malware, introduced a new malicious product. Named ‘Rogue’, it belongs to the MRAT (Mobile Remote Access Trojan) family and can take over a device and exfiltrate data such as photos, location, contacts, and messages.

Pretending to be a Google service

The malware uses Google’s Firebase platform for its command-and-control communication, which lets it pose as a legitimate Google service and blend in with normal traffic. Once ‘Rogue’ has obtained all the permissions it asks for on the target device, it hides its icon so the user has no obvious way to find and uninstall it, then registers itself as a device administrator. When the user tries to revoke those administrator rights, a message appears on the screen: “Are you sure you want to delete all data?” That text is supplied by the app itself (it is the warning string a device-admin app returns when a user attempts to disable it), so it is a scare prompt rather than a system message. Clearly, during their 1.5-year hiatus, the creators built a well-functioning production line for the development and distribution of Android malware.
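The two persistence tricks described above, a device-administrator registration and a hidden launcher icon, both leave traces that an analyst with adb access can check. The following triage helper is an added example, not code from Check Point Research or from the malware: it parses the text of `adb shell dumpsys device_policy`, `adb shell pm list packages -3` and `adb shell cmd package query-activities --brief -a android.intent.action.MAIN -c android.intent.category.LAUNCHER`. The adb commands are real, but the sample outputs embedded below are constructed and only approximate the real layout, which differs between Android versions; the package names and the allowlist are hypothetical.

```python
"""Triage helper for two Android persistence tricks: an unexpected device
administrator and a third-party package with no launcher icon.

Added example. Inputs are constructed samples shaped after the output of
`adb shell dumpsys device_policy`, `adb shell pm list packages -3` and
`adb shell cmd package query-activities --brief -a android.intent.action.MAIN
 -c android.intent.category.LAUNCHER`. Real output varies by Android release,
so the parsers below are deliberately tolerant of surrounding noise.
"""
import re

# Constructed sample of the "Enabled Device Admins" section. The package
# com.android.systemupdate.helper is hypothetical and plays the role of a
# suspicious admin that imitates a system component.
DUMPSYS_DEVICE_POLICY = """\
Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    com.example.mdm/.AdminReceiver:
      uid=10123
      testOnlyAdmin=false
      policies:
        wipe-data
    com.android.systemupdate.helper/.DevAdmin:
      uid=10187
      testOnlyAdmin=false
      policies:
        wipe-data
        force-lock
  Current encryption status: ...
"""

# Constructed sample of `pm list packages -3` (third-party packages only).
PM_LIST_PACKAGES = """\
package:com.example.mdm
package:com.example.bank
package:com.android.systemupdate.helper
"""

# Constructed sample of the launcher-activity query. A package whose
# launcher activity is disabled (the icon-hiding trick) does not appear here.
LAUNCHER_ACTIVITIES = """\
3 activities found:
  com.example.mdm/.MainActivity
  com.example.bank/.LoginActivity
  com.google.android.apps.messaging/.ui.ConversationListActivity
"""

# A component line looks like "    pkg.name/.ReceiverClass:" inside the section.
ADMIN_RE = re.compile(r"^\s+([\w.]+/[\w.$]+):\s*$")


def enabled_device_admins(dumpsys_text):
    """Return the admin components listed under 'Enabled Device Admins'."""
    admins = []
    in_section = False
    for line in dumpsys_text.splitlines():
        if "Enabled Device Admins" in line:
            in_section = True
            continue
        # The next entry at the section's own indentation level ends it.
        if in_section and line.startswith("  ") and not line.startswith("    "):
            break
        match = ADMIN_RE.match(line)
        if in_section and match:
            admins.append(match.group(1))
    return admins


def unexpected_device_admins(dumpsys_text, allowlist):
    """Admin components whose package is not in the analyst's allowlist
    (e.g. the organisation's MDM agent)."""
    return [comp for comp in enabled_device_admins(dumpsys_text)
            if comp.split("/")[0] not in allowlist]


def third_party_packages_without_launcher_icon(pm_output, launcher_output):
    """Third-party packages that expose no launcher activity. Not every hit is
    malicious (keyboards, services and libraries are legitimate examples), so
    this is a lead for review, not a verdict."""
    third_party = {line[len("package:"):].strip()
                   for line in pm_output.splitlines()
                   if line.startswith("package:")}
    with_icon = {line.strip().split("/")[0]
                 for line in launcher_output.splitlines()
                 if "/" in line}
    return sorted(third_party - with_icon)


def triage(dumpsys_text, pm_output, launcher_output, allowlist):
    """Map each suspicious package to the reasons it was flagged. A package
    that trips both checks is the strongest candidate for closer analysis."""
    suspects = {}
    for comp in unexpected_device_admins(dumpsys_text, allowlist):
        suspects.setdefault(comp.split("/")[0], []).append("device admin: " + comp)
    for pkg in third_party_packages_without_launcher_icon(pm_output, launcher_output):
        suspects.setdefault(pkg, []).append("no launcher icon")
    return suspects


if __name__ == "__main__":
    for pkg, reasons in triage(DUMPSYS_DEVICE_POLICY, PM_LIST_PACKAGES,
                               LAUNCHER_ACTIVITIES, {"com.example.mdm"}).items():
        print(pkg, "->", ", ".join(reasons))
```

In practice the three commands are run against the device and their output fed to `triage`; a package flagged for both reasons deserves a look at its manifest and the permissions it holds. Because the scare dialog and any wipe policy belong to the admin app, the usual removal path is to reboot into Safe Mode, where third-party apps do not run, and revoke the admin rights from the device-admin settings before uninstalling.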

To prevent malware threats on mobile devices, here are some simple tips you can follow:

  • Keep the operating system up to date. Mobile devices should always run the latest available OS version so that known vulnerabilities cannot be used against them.
  • Only install apps from official app stores. This reduces the chance of inadvertently installing mobile malware or another malicious application.
  • Enable remote wipe on your mobile devices. All devices should have remote wipe capability to limit the loss of sensitive data if a device is lost or compromised.
  • Don’t rely on public Wi-Fi networks. They make attacks easier because anyone on the same network sits between your device and the internet. Limiting mobile devices to trusted Wi-Fi and mobile networks reduces exposure to cyber threats.

You can get more in-depth information about the research and this malware here.
