As police across Europe crack down on the use of the DroidJack malware, a similar software nasty has emerged that can control not just Android, but also Windows, Mac, and Linux systems and is being sold openly at a fraction of the cost.
The remote-control tool, detected by security firm Avast, is called OmniRAT and appears to be of German origin. The seller promises that the "remote administration tool" can operate on Android smartphones but also allow full control of Windows systems and some control of OS X and Unix computers after installation.
Avast investigated an incident of the code being used in Germany, where the victim received a text message that claimed to be unable to show an image because of Android's now-patched Stagefright bug. In order to view the image, the victim was asked to download an app to do so.
This, of course, should have set off warning signs – any software download from an unknown or untrusted source should be viewed with caution. Once downloaded, Google's permissions model also showed a long list of access and privacy privileges the software required, and yet the victim still OK'd the install.
Once installed, OmniRAT proves very hard to get rid of. Deleting the original downloaded software does no good and the software's controller completely owns the device and is capable of making calls, stealing files, and remote controlling other devices after sending them the code.
"We know that the data collected by the customized version of OmniRat targeting the German person from the Techboard-online forum post is being sent back to a Russian domain, based on the command and control (C&C) server address the data is being sent to," said Nikolaos Chrysaidos, mobile malware and security analyst at Avast.
What could potentially make OmniRAT a bigger problem than DroidJack is its cost. The older malware cost over $200 but OmniRAT, which reused much of the same code, only wants $25 for the software and includes a "lifetime guarantee," although that's presumably only until the police move in. ®