Trend Micro researchers detected a new variant of the Android Remote Access Tool (AndroRAT) that targets an older, publicly disclosed vulnerability (CVE-2015-1805), which allows an attacker to perform privilege escalation on older Android devices.
Google patched the vulnerability in March 2016.
According to the Trend Micro report, AndroRAT “can inject root exploits to perform malicious tasks such as silent installation, shell command execution, WiFi password collection, and screen capture.” AndroRAT is disguised as a utility app called “TrashCleaner” that could be downloaded via a malicious URL.
Users should avoid downloading apps from third-party app stores and instead use only legitimate app stores.
Also keep your Android device current with the latest patches or a supported version of the OS.
Anti-malware and mobile application reputation software can also add stronger layers of defense to help detect malicious software on your mobile device.