DroidJack RAT poses as a legitimate app
In an interesting turn of events, developers may have turned to crime when an initial Android app failed to generate sufficient income, according to a blog post by Symantec.
Originally, an app called Sandroid was released in April 2013 on Google Play. Sandroid is a legitimate app; it’s functionality including being able to remotely access a PC and run commands on it. It seems that the app failed to take off, leading to the release in December 2013 of SandroRAT. SandroRAT seemed to mostly target Polish Android users. It used a fake message to trick users into installing the malware on the device.
DroidJack appears to be a new version of SandroRAT. It does not require root access to work. Some of its capabilities include listening in on phone calls, recording audio and video using the microphone and camera, and extracting the phone’s GPS data. DroidJack also can steal files from the device, look at messages and find out the carrier details. In all, there are more than 50 separate features. DroidJack is available on its own website for $210; this price includes a lifetime licence.
The developers of DroidJack try to absolve themselves from potential misuse of their application via a statement on their website. The statement tells users that the product may not be used for illegal purposes, and that the company holds no liability for misuse of the product. Unfortunately for the creators of DroidJack, this type of disclaimer is not likely to be enough to protect them from prosecution.