Android malware HeroRat discovered

Anna Celina
in News

Android virus includes spyware

Beware of HeroRat: The European IT-security manufacturer ESET has recently discovered a new Android malware, which turns your mobile into a spy. The malware exploits a protocol of the popular messenger Telegram.

We take a look at what’s behind this type of Android malware and how you can protect your mobile from it.

HeroRat – what’s behind the Android malware

It’s no secret that messenger services like WhatsApp aren’t necessarily safe. We have previously covered the loopholes of WhatsApp in our blog. But WhatsApp alternative Telegram is also not safe from hackers who exploit the messenger’s protocols for disreputable purposes.

This is the case with the Android malware HeroRat, which IT-security manufacturer ESET now warns about. HeroRat is a so-called Remote Administration Tool (RAT) that allows hackers to gain access to your Android mobile. Afterwards they can remotely control your mobile.

In fact, this type of Android malware is part of a larger family of Android RATs, which ESET discovered in August of 2017. Since March of 2018 its source code has been available for free through different Telegram hacking channels. This means that it's very easy for hackers to use Remote Administration Tools for their own purposes. By now there are hundreds of different types of this RAT spread on the web, as reported in this ESET blog post.

HeroRat requests extensive App authorisation and makes it easy for hackers to gain control of your mobile. (Photo: Screenshot/ESET)

Why HeroRat is so dangerous

The version of HeroRat currently spreading is different from other types of the Android RAT family and therefore especially dangerous. The Android malware is written in the programming language C#, which is very atypical for Android malware.

In addition, the malware uses a Telegram messenger protocol usually reserved for transmitting commands to users' mobiles. This way, unusual activities that are transferred to an established upload server can hardly be detected.

HeroRat takes control of Android mobiles

There are different ways this Android malware can get onto your mobile. The spyware is most likely smuggled onto your phone through the download of an appealing fake App. These applications are widespread amongst third-party App stores, social media platforms and messaging services. The good news: Up until now the Google Play Store has not been infiltrated by the Android malware.

HeroRat activates once you accept the necessary authorisations requested by the infected App. This often includes permission to access and use the device manager. If you then try to open said App, a window will pop up and inform you that the respective application cannot run on your device.

The application is supposedly removed from your mobile, but while the App disappears from your phone, the malware registers your mobile as a new device with the hackers. They can now use the Telegram-Bot function to remotely control and manipulate your Android phone.

HeroRat: Android malware includes spyware

Once the hackers have gained access to your mobile, they can do whatever they like. The Android malware includes a variety of spyware functions and intercepts text messages and contact information. It also enables hackers to send texts, take screenshots and make audio recordings. They can also manipulate the device’s settings.

These are the consequences: Once your mobile has been infiltrated by HeroRat, hackers have unlimited access to your contacts and personal data – without you even noticing.

Protect yourself from HeroRat – what you can do

The good news is: Up until now the Android malware has mainly been active in Iran. But experts cannot predict whether a mutation of HeroRat will soon be active in other countries. There are, however, a few easy precautions to protect your mobile from malware infiltration.

First of all, you should only download Apps from the Google Play Store and pay attention to good ratings and high download numbers. But even here, keep your eyes open, because the numbers on the Google Play Store are not always what they seem. Additionally, you should look out for the App's access requests and, if necessary, adjust those.
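For readers who want to check an App's access requests more systematically, here is an added example (not from ESET or the original post) that reads a decoded AndroidManifest.xml and reports which of the spyware functions described above the requested permissions would allow. The mapping from functions to permissions, the review threshold and both sample manifests are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Capability named in the article -> standard Android permissions behind it.
# This mapping is an assumption of the example, not taken from ESET's analysis.
CAPABILITIES = {
    "intercept text messages": {"READ_SMS", "RECEIVE_SMS"},
    "send text messages": {"SEND_SMS"},
    "read contacts": {"READ_CONTACTS"},
    "record audio": {"RECORD_AUDIO"},
    "change device settings": {"WRITE_SETTINGS"},
}

def audit_manifest(manifest_xml):
    """Return the article's capabilities that a decoded manifest asks for."""
    root = ET.fromstring(manifest_xml)
    names = (e.get(NS + "name", "") for e in root.iter("uses-permission"))
    requested = {n[len(PREFIX):] for n in names if n.startswith(PREFIX)}
    # A device-admin component is a <receiver> guarded by BIND_DEVICE_ADMIN.
    device_admin = any(
        r.get(NS + "permission", "") == PREFIX + "BIND_DEVICE_ADMIN"
        for r in root.iter("receiver"))
    hits = {cap: sorted(perms & requested)
            for cap, perms in CAPABILITIES.items() if perms & requested}
    # Heuristic (assumption): device admin plus three or more capabilities.
    return {"capabilities": hits, "device_admin": device_admin,
            "needs_review": device_admin and len(hits) >= 3}

# Constructed sample: a fake App asking for far more than it should need.
SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application>
    <receiver android:name=".Admin"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

# Constructed sample: an ordinary SMS App, same SMS permissions, no device admin.
SMS_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("suspicious", SUSPICIOUS), ("sms app", SMS_APP)):
        print(label, audit_manifest(xml))
```

A flagged App is not proof of malware; it means the requested access goes beyond what the App's stated purpose explains and deserves a closer look before installing.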

It is also important to regularly protect your mobile with a good Antivirus programme. A TrustATec service partner near you will be happy to help you with choosing and installing the right Antivirus programme for your mobile phone and tablet.

