Dendroid is an Android remote access tool (RAT) primarily targeting Western countries. The RAT was available for purchase for $300 and came bundled with a utility to inject the RAT into legitimate applications.^[1]

ID: S0301

ⓘ

Type: MALWARE

ⓘ

Platforms: Android

Version: 2.0

Created: 25 October 2017

Last Modified: 29 September 2020

Techniques Used

Domain	ID	Name	Use
Mobile	T1429	Capture Audio	Dendroid can record audio and outgoing calls.^[1]
Mobile	T1512	Capture Camera	Dendroid can take photos and record videos.^[1]
Mobile	T1412	Capture SMS Messages	Dendroid can intercept SMS messages.^[1]
Mobile	T1533	Data from Local System	Dendroid can collect the device’s photos, browser history, bookmarks, and accounts stored on the device.^[1]
Mobile	T1475	Deliver Malicious App via Authorized App Store	Dendroid has been distributed via the Google Play Store.^[1]
Mobile	T1523	Evade Analysis Environment	Dendroid can detect if it is being ran on an emulator.^[1]
Mobile	T1411	Input Prompt	Dendroid can open a dialog box to ask the user for passwords.^[1]
Mobile	T1444	Masquerade as Legitimate Application	Dendroid can be bound to legitimate applications prior to installation on devices.^[1]
Mobile	T1582	SMS Control	Dendroid can send and block SMS messages.^[1]

References

Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.

Dendroid

Mobile Layer

Techniques Used

References