Symantec has spotted a commercial program that adds malicious code to standard APK files for the Android system. The application uses an exploit for a recently discovered vulnerability in Android smartphones that allows an APK to be modified while keeping its cryptographic signatures intact.
The Android RAT APK Binder is sold on the underground market for $37, according to Symantec. It is a helper utility for the Android RAT software, also known as AndroRAT (Android.Dandro), whose source code was published in November 2012.
AndroRAT is designed for remote control of infected Android devices through an easy-to-use interface.
Adwind main control panel
Symantec has so far detected 23 legitimate applications that are using this type of Trojan, named Adwind (Backdoor.Adwind). Without security software on the Android operating system, the victim's smartphone is fully controlled by the attackers: they can take screenshots, execute commands remotely (for example, to send spam messages), and open any URL, which may lead to a page containing further malware.
According to Symantec, there are only several hundred infections of Android.Dandro worldwide, with the United States and Turkey, but that number will increase with this sophisticated application available for Android users in underground forums.