OmniRAT

OmniRAT is a remote access trojan first discovered in November 2015 by an Avast researcher. It is very similar to DroidJack and SpyNote and is used to gain remote administrative control of Android, Windows, Linux, and Mac devices and to facilitate spying. OmniRAT can retrieve detailed information on services and processes running on the infected device, view and delete browsing history, make calls and send texts, record audio, and execute commands. It can be purchased on the open internet for a very affordable price.

When used against Android devices, the trojan is often spread via social engineering through SMS texts. The SMS messages contain links to a site requesting the user's phone number and the code contained in the SMS. After the user enters the information, an APK is downloaded onto the device, displaying an icon. When installed, OmniRAT gives full remote administrative control to the attacker. Even if the icon is deleted, the trojan remains on the device. It can spread to additional devices by sending SMS texts from the Android device.

Reporting

  • November 2015: OmniRAT takes over Android devices through social engineering tricks. (IBM)
  • February 2017: Hackers are using OmniRAT to attack ISIS supporters on Telegram. (International Business Times)

Technical Details

  • Avast provides technical details on OmniRAT here.