Police raid DroidJackers in international takedown

News by Max Metzger

Users of the remote access trojan DroidJack have been raided by police in six countries as part of an international investigation into Android spyware.

The days of individuals involved with DroidJack - the application that allows you to spy on your Android-enabled family, friends, enemies and mistresses/paramours - may be numbered.

Police have raided the homes of those individuals across Europe in what looks like an intercontinental crackdown. International police forces, including Europol and the National Crime Agency, searched homes in the UK, Germany, France, Belgium, Switzerland and the US belonging to those who had downloaded the app and used it to spy on people. The authors of the app itself do not appear to be implicated in this crackdown and there have been no arrests, only raids. That said, there have been arrests made for the use of malware like this. The FBI arrested tens of people in mid-2014 for using the BlackShades RAT.

Chris Boyd, a malware intelligence analyst at Malwarebytes, told SCMagazineUK.com that "going after the buyers of DroidJack as opposed to the creator is an interesting tactic, however for as long as a program remains on sale you'll always have people willing to buy. While this may cause some people to think twice, it's debatable how much of an impact this will have in the long term."

George Ungefuk, a German public prosecutor involved in the operation, told SC that no suspects have been arrested but there were "only house searches and seizures of devices and infrastructure." All those whose houses were raided "are suspected in preparation of data espionage and computer fraud" under sections 202c and 263a of the German criminal code. There is no news as to whether DroidJack's authors will be implicated in this case.

DroidJack allows you to put a Remote Access Trojan (RAT) on someone else's Android phone, thereby allowing you to hijack the device remotely. From there, you can have your way with their data, recording their conversations, reading their emails and texts and tracking their location through the GPS.

Traditionally, malware is not too widely advertised outside of hacker circles and the dark web, but the developers of this particular piece don't seem shy about loudly advertising the benefits of their malware. DroidJack's website talks of the software's stealthiness and the range of features with which you can spy on the targeted phone: “DroidJack gives you the power to establish control over your beloveds' Android devices with an easy to use GUI and all the features you need to monitor them.” You can even buy it for less than £150.

In 2013, Symantec discovered mentions of such a RAT being developed on various hacker forums. Those mentions were linked back to an app called Sandroid RAT being sold on the Google Play Store, which advertised the ability to control your computer without ads. In 2014, the same forum advertised the development of a next-gen Android RAT, known as DroidJack. Symantec's investigation points to DroidJack's creators coming out of Tamil Nadu, a region in southern India.

The DroidJack developer, Sanjeevi Lr, told SC that “According to the terms and conditions of usage, if I receive any reports that the tool is being used improperly or against the law, their licences will be banned. If I receive a complaint or report against a user with enough proof that he/she has used it illegally then I will immediately ban his/her licence.”

Sanjeevi added that, “The project was built with the same terms other parental control tools use. Still if this project needs to be shut down for legal reasons, then it will be shut down.”

One might imagine how this tool can be abused, even if the police have not yet explicitly stated the reason for the raids and the legality of such a tool is ambiguous. The tool's website comes with a disclaimer that says...

Symantec wrote in a blog post about DroidJack that "In an attempt to distance themselves from any responsibility for illegal activity, the authors of DroidJack have included a disclaimer in their marketing material. Similar disclaimers have been used in the past by other malware authors, such as the Mariposa botnet author, who unsuccessfully claimed on his website that the software was only for educational purposes." The post adds that "Whether the authors of DroidJack truly believe that this disclaimer absolves them of any responsibility is irrelevant, as naivete is not a defence in law."
