ESET reveals new HeroRat malware that can control an Android phone or tablet through Telegram. It belongs to the group called RAT (Remote Administration Tool). It has been spreading over networks since 2017.
Malware HeroRat takes control of commands and manipulates user data
“In the first phase of the survey, we thought it was a modified version of the so-called IRRATs and TeleRATs. Later, however, it turned out to be a completely new group of malware that has spread over networks since August 2017. In March 2018, the source code for the Pirate Channels of the Telegram application was released free of charge. As a result, several versions of this malware have been released, “ says Pavel Matějíček, Technical Support Manager, Czech branch of ESET
One version differed from the others. Hackers are tempting users to download the tool through ads via third-party, social, and communications applications. Hackers promise users various services and products for free. For example, free bitcoins, free internet, followers free, etc. Malware HeroRat works on all versions of Android, but the user must first allow permissions.
Once the malware is installed and running, a pop-up window will appear to the users indicating that the application cannot be started and uninstalled. Once they uninstall, the application icon disappears, but hackers have another successfully attacked device. Subsequently, a Telegram boot is used to spy, manipulate data, send messages, dial calls, record sounds, videos, record locations, and so on.
ESET recommends using the official Google Play store for downloading apps where malware was not recorded, and also be careful about granting permissions after installing the app. This is the basic security advice. If you follow them, your phone should be very well protected against similar malicious codes like HeroRat.
