AndroRAT and DroidJack both can read text messages and listen to calls Iranian hackers are showing strong interest in malware that can secretly pull data from Android devices, which are popular in the Middle East.The analysis comes from Recorded Future, a cybersecurity intelligence firm based in Somerville, Massachusetts.One of Recorded Future’s specialties is monitoring hacking forums, looking for clues and chatter that might indicate future attacks.Over the last six months, there appears to have been high interest on Iranian hacking forums in remote access tools, or programs designed to listen to calls and collect text message and GPS data, according to a blog post. The most-discussed tools were AndroRAT and DroidJack. AndroRAT is free and has been around for close to four years, while DroidJack appeared last year.“With a low level of technical skill needed, open availability and strong community support on hacker forums, DroidJack and AndroRAT are likely to remain popular choices for threat actors seeking to take advantage of Middle Eastern mobile systems,” Recorded Future wrote. The fact that Iranian hackers are embracing them now shows that threat actors are adapting to go after platforms that are popular in their own countries or regions, the company wrote. The tools to do so may be easy to get.DroidJack has its own website. It costs US$210, and its developers aren’t cagey about the app’s mission: “DroidJack gives you the power to establish control over your beloveds’ Android devices with an easy-to-use GUI and all the features you need to monitor them.” Screenshot/DroidJack DroidJack can provide a list of calls made by a victim’s Android phone.Tricking someone into installing such apps without their knowledge is illegal in most countries.Symantec wrote in November 2014 that it found the names and phone numbers of people supposedly based in India who developed DroidJack.AndroRAT has been an open-source project. Like DroidJack, it can be wrapped into a legitimate Android app’s application package (APK) in order to deceive people into installing it.“The sustained Iranian interest in AndroRAT, despite its age and declining chatter from other sources, could be due to the easy download access, including GitHub repositories, and available community support for deploying the malware,” Recorded Future wrote. Related content news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry news UK data regulator warns that data breaches put abuse victims’ lives at risk The UK Information Commissioner’s Office has reprimanded seven organizations in the past 14 months for data breaches affecting victims of domestic abuse. By Michael Hill Sep 28, 2023 3 mins Electronic Health Records Data Breach Government news EchoMark releases watermarking solution to secure private communications, detect insider threats Enterprise-grade software embeds AI-driven, forensic watermarking in emails and documents to pinpoint potential insider risks By Michael Hill Sep 28, 2023 4 mins Communications Security Threat and Vulnerability Management Security Software news SpecterOps to use in-house approximation to test for global attack variations The new offering uses atomic tests and in-house approximation in purple team assessment to test all known techniques of an attack. By Shweta Sharma Sep 28, 2023 3 mins Penetration Testing Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe