Dendroid

Dendroid is an Android remote access tool (RAT) primarily targeting Western countries. The RAT was available for purchase for $300 and came bundled with a utility to inject the RAT into legitimate applications.^[1]

ID: S0301

ⓘ

Type: MALWARE

ⓘ

Platforms: Android

Version: 2.0

Created: 25 October 2017

Last Modified: 25 April 2025

Version Permalink

Live Version

Techniques Used

Domain	ID		Name	Use
Mobile	T1429		Audio Capture	Dendroid can record audio and outgoing calls.^[1]
Mobile	T1533		Data from Local System	Dendroid can collect the device’s photos, browser history, bookmarks, and accounts stored on the device.^[1]
Mobile	T1417	.002	Input Capture: GUI Input Capture	Dendroid can open a dialog box to ask the user for passwords.^[1]
Mobile	T1655	.001	Masquerading: Match Legitimate Name or Location	Dendroid can be bound to legitimate applications prior to installation on devices.^[1]
Mobile	T1636	.004	Protected User Data: SMS Messages	Dendroid can intercept SMS messages.^[1]
Mobile	T1582		SMS Control	Dendroid can send and block SMS messages.^[1]
Mobile	T1512		Video Capture	Dendroid can take photos and record videos.^[1]
Mobile	T1633	.001	Virtualization/Sandbox Evasion: System Checks	Dendroid can detect if it is being ran on an emulator.^[1]

References

Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.

Dendroid

Mobile Layer

Techniques Used

References