Dendroid

Dendroid is an Android remote access tool (RAT) primarily targeting Western countries. The RAT was available for purchase for $300 and came bundled with a utility to inject the RAT into legitimate applications.[1]

ID: S0301
Type: MALWARE
Platforms: Android
Version: 2.0
Created: 25 October 2017
Last Modified: 29 September 2020

Techniques Used

Domain ID Name Use
Mobile T1429 Capture Audio

Dendroid can record audio and outgoing calls.[1]

Mobile T1512 Capture Camera

Dendroid can take photos and record videos.[1]

Mobile T1412 Capture SMS Messages

Dendroid can intercept SMS messages.[1]

Mobile T1533 Data from Local System

Dendroid can collect the device’s photos, browser history, bookmarks, and accounts stored on the device.[1]

Mobile T1475 Deliver Malicious App via Authorized App Store

Dendroid has been distributed via the Google Play Store.[1]

Mobile T1523 Evade Analysis Environment

Dendroid can detect if it is being ran on an emulator.[1]

Mobile T1411 Input Prompt

Dendroid can open a dialog box to ask the user for passwords.[1]

Mobile T1444 Masquerade as Legitimate Application

Dendroid can be bound to legitimate applications prior to installation on devices.[1]

Mobile T1582 SMS Control

Dendroid can send and block SMS messages.[1]

References