DoubleAgent is the name of a nasty RAT (Remote Access Trojan), which appears to be the creation of Chinese hackers. Cybersecurity analysts have identified several other Chinese-based threats, which are somewhat similar to the DoubleAgent malware – CarbonSteal, GoldenEagle and SilkBean. The latter three malware families are very active, unlike the DoubleAgent threat.
So far, there have only been several samples of the DoubleAgent malware identified in the wild. The majority of the copies of the DoubleAgent malware were found on devices used by high-ranking Tibetan activists. The DoubleAgent threat was propagated with the help of corrupted copies of popular instant messaging applications such as Skype, Telegram, WhatsApp, Talkbox, Zello, Viber, Keechat, etc.
According to researchers, the operators of the DoubleAgent malware select their victims carefully. The attacks carried out with the DoubleAgent threat are very sophisticated and require the operators to configure the parameters of the campaign manually for each selected target. Older copies of the DoubleAgent malware utilized a remote FTP server that was set up by the attackers. On this server, the malware looks for a folder named after the compromised Android device's IMEI number. This folder contains a list of the commands that the DoubleAgent malware is meant to execute on the infected host. After executing the commands, the DoubleAgent threat feeds the input back to the attackers' FTP server. This is not a very quick method of carrying out an attack, but it allows the operators of the DoubleAgent threat to set up the hacking tool and optimize the campaign manually.
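The FTP-based tasking described above leaves a recognisable footprint on the server side: a client creates or enters a directory whose name is a 15-digit IMEI, downloads a file from it, and later uploads a file into it. The following is an added detection example written for this page, not code from the original article or from the malware's authors. The log format ("date time client-ip FTP-command path"), the file names `commands.txt` and `output.dat`, and the sample entries are all constructed assumptions; the IMEI check relies on the fact that an IMEI's 15th digit is a Luhn check digit, which filters out most arbitrary 15-digit directory names.

```python
import re
from collections import defaultdict

# Constructed FTP transfer-log lines for illustration only; the format and the
# file names are assumptions, not observed DoubleAgent traffic.
SAMPLE_LOG = """\
2020-07-01 10:02:11 203.0.113.5 MKD /490154203237518
2020-07-01 10:02:12 203.0.113.5 RETR /490154203237518/commands.txt
2020-07-01 10:02:40 203.0.113.5 STOR /490154203237518/output.dat
2020-07-01 10:05:03 198.51.100.7 RETR /releases/app-v2.apk
2020-07-01 10:06:19 198.51.100.9 STOR /uploads/123456789012345/photo.jpg
"""

# <date> <time> <client-ip> <FTP command> <path>  (assumed log layout)
LINE_RE = re.compile(r"^(\S+ \S+) (\S+) ([A-Z]{3,4}) (\S+)$")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, which a well-formed IMEI satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def imei_dir(path: str):
    """Return the first path component that looks like an IMEI (15 digits, Luhn-valid), else None."""
    for part in path.split("/"):
        if re.fullmatch(r"\d{15}", part) and luhn_valid(part):
            return part
    return None


def find_imei_beacons(log_text: str):
    """Group FTP commands by (client, IMEI-named directory) and flag a RETR followed by a STOR,
    i.e. a client fetching a tasking file and then uploading something into the same folder."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # skip lines that do not fit the assumed layout
        _ts, client, cmd, path = m.groups()
        d = imei_dir(path)
        if d:
            sessions[(client, d)].append(cmd)

    hits = []
    for (client, d), cmds in sessions.items():
        if "RETR" in cmds and "STOR" in cmds and cmds.index("RETR") < cmds.index("STOR"):
            hits.append({"client": client, "imei_dir": d, "commands": cmds})
    return hits


if __name__ == "__main__":
    for hit in find_imei_beacons(SAMPLE_LOG):
        print(f"{hit['client']} used IMEI-named folder {hit['imei_dir']}: {' -> '.join(hit['commands'])}")
```

Run against the constructed log, only the 203.0.113.5 session is reported: its directory name passes the Luhn check and it retrieves before it stores. The `/uploads/123456789012345/` entry is ignored because that string fails the checksum, which keeps ordinary numeric folder names from producing noise; a real deployment would feed the server's own transfer log into `find_imei_beacons` after adapting `LINE_RE` to its layout.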
The DoubleAgent malware is able to:
- Use the device's microphone to record audio.
- Obtain messages and files related to various Android applications.
- Execute remote commands.
- Update itself and its C&C (Command & Control) server settings.
- Manage active applications and services.
- Manage the file system.
- Plant additional APKs (Android Packages), which may enable it to install other threats.
- Hide the threat's icon from the 'Settings' menu of the host to avoid detection.
The DoubleAgent threat is not one to be underestimated. If you want to keep your Android device safe from the DoubleAgent Trojan, it is advisable to install a trustworthy, modern anti-malware solution compatible with your Android device.