Cheap OmniRAT malware used to spy on Android, Windows, Linux, Mac devices

European law enforcement agencies recently targeted users of the DroidJack mobile phone RAT, and likely made other would-be users refrain from buying and using that particular piece of malware.

Luckily for them and unluckily for prospective victims, there is other similar malware that can be bought for a fraction of the cost of DroidJack.

Avast researchers have recently come across OmniRAT, a remote administration tool/Trojan that allows users to gain remote administrative control of any Android device, but also of Windows, Linux or Mac devices.

“On their website, OmniRAT lists all of the things you can do once you have control of an Android, which include: retrieving detailed information about services and processes running on the device, viewing and deleting browsing history, making calls or sending SMS to any number, recording audio, executing commands on the device and more,” the researchers found.

The price, depending on the target device, is between $25 and $50 (DroidJack costs $210).

The researchers spotted the malware being used in the wild, spread via SMS and aided by social engineering.

The German victim received a message claiming that he can’t receive an MMS due to the Android StageFright vulnerability, and is instructed to visit a site where the MMS is hosted and to insert a code (included in the message) to see the MMS.

After doing all this, the installation of the malware is triggered, and the user is asked to accept it and the questionable permissions the app requests:

Once installed, OmniRAT gives full remote administrative control of the device to the attacker, and the app is difficult to remove – deleting the installed icon does nothing to prevent it from working.

“Furthermore, once cybercriminals have control over a device’s contact list, they can easily spread the malware to more people. Inside this variant of OmniRat, there is a function to send multiple SMS messages. What makes this especially dangerous is that the SMS spread via OmniRat from the infected device will appear to be from a known and trusted contact of the recipients, making them more likely to follow the link and infect their own device,” the researchers concluded.

Don't miss