{"id":37068,"date":"2014-08-02T02:43:15","date_gmt":"2014-08-02T09:43:15","guid":{"rendered":"http:\/\/blogs.mcafee.com\/?p=37068"},"modified":"2025-06-04T03:57:56","modified_gmt":"2025-06-04T10:57:56","slug":"sandrorat-android-rat-targeting-polish-banking-users-via-e-mail-phishing","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sandrorat-android-rat-targeting-polish-banking-users-via-e-mail-phishing\/","title":{"rendered":"Android App SandroRAT Targets Polish Banking Users via Phishing Email"},"content":{"rendered":"<p>Europe is currently under attack by spammers trying to get control of Android devices. In Germany the distribution method is via SMS (text) messages, as you can read in <a href=\"https:\/\/mcafee.com\/blogs\/others\/mcafee-labs\/dhl-sms-spam-distributing-android-malware-germany\/\">this recent McAfee Labs post,<\/a> while in Poland there is an ongoing email spam campaign distributing a new variant of an Android remote access tool (RAT).<\/p>\n<p>Recently McAfee Labs received a new mobile malware sample from a customer in Poland with the name Kaspersky_Mobile_Security.apk. 
It arrives as an attachment with the following phishing message:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/CASTILLO_SandroRATSpam.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-37071\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/CASTILLO_SandroRATSpam.jpg\" alt=\"CASTILLO_SandroRATSpam\" width=\"802\" height=\"356\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/CASTILLO_SandroRATSpam.jpg 802w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/CASTILLO_SandroRATSpam-300x133.jpg 300w\" sizes=\"auto, (max-width: 802px) 100vw, 802px\" \/><\/a><\/p>\n<p style=\"text-align: center;\">Source: <a href=\"https:\/\/zaufanatrzeciastrona.pl\/post\/uzytkownicy-androida-uwaga-na-wiadomosci-od-kaspersky-lab\/\">Zaufana Trzecia Strona<\/a><\/p>\n<p>The email tries to scare a user with the following subject:<\/p>\n<p style=\"text-align: center;\">\u201cUwaga! Wykryto szkodliwe oprogramowanie w Twoim telefonie!\u201d<br \/>\n(\u201cCaution! Detected malware on your phone!\u201d)<\/p>\n<p>The body of the message states that the bank is providing the attached free mobile security application to detect malware that steals SMS codes (mTANs) for authorizing electronic transactions. 
However, the attached application is in fact a version of the Android RAT SandroRAT, which was announced at the end of last year in the hacking community <a href=\"https:\/\/www.hackforums.net\/printthread.php?tid=3960345\">HackForums.<\/a> The RAT and its source code are for sale, so anyone can create a custom version of this threat.<\/p>\n<h2>The Power of Android RAT<\/h2>\n<p>Like any other Android RAT (such as AndroRAT), the malware can remotely execute several commands to perform any of the following actions:<\/p>\n<ul>\n<li>Steal sensitive personal information such as the contact list, SMS messages (inbox, outbox, and sent), call logs (incoming, outgoing, and missed calls), browser history (title, link, date), bookmarks and GPS location (latitude and longitude).<\/li>\n<li>Intercept incoming calls and record them in a WAV file on the SD card so the file can be leaked later.<\/li>\n<li>Update itself (or install additional malware) by downloading and prompting the user to install the file update.apk.<\/li>\n<li>Intercept, block, and steal incoming SMS messages.<\/li>\n<li>Send MMS messages with parameters (phone number and text) provided by the control server.<\/li>\n<li>Insert and delete SMS messages and contacts.<\/li>\n<li>Record surrounding sound and store it in an adaptive multi-rate (AMR) file on the SD card to later send to a remote server.<\/li>\n<li>Open the dialer with a number provided by the attacker or execute USSD codes.<\/li>\n<li>Display Toast (pop-up) messages on the infected device.<\/li>\n<\/ul>\n<p>A novel feature of this threat is its ability to access encrypted WhatsApp chats (available in the path \/WhatsApp\/Databases\/msgstore.db.crypt5 on the SD card) and obtain the unique encryption key using the device's Google email account, so that it can read the chats in plain text and store them in the file waddb.sr:<\/p>\n<p><a 
href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/CASTILLO_DecryptWhatsapp.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-37069\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/CASTILLO_DecryptWhatsapp.png\" alt=\"CASTILLO_DecryptWhatsapp\" width=\"1025\" height=\"187\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/CASTILLO_DecryptWhatsapp.png 1025w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/CASTILLO_DecryptWhatsapp-300x54.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/CASTILLO_DecryptWhatsapp-1024x186.png 1024w\" sizes=\"auto, (max-width: 1025px) 100vw, 1025px\" \/><\/a><\/p>\n<p>This decryption routine will not work with WhatsApp chats encrypted by the latest version of the application, because the encryption scheme (crypt7) has been updated to make it stronger (using a unique server salt). WhatsApp users should update the app to the latest version.<\/p>\n<p>Spam campaigns (via SMS or email) are becoming a very popular way to distribute Android malware, which can steal personal information or even obtain complete control of a device with a tool like SandroRAT. This attack gains credence with the appearance of a bank offering security solutions against banking malware, a typical behavior of legitimate banks.<\/p>\n<p>McAfee Mobile Security detects this Android threat and alerts mobile users if it is present, while protecting them from any data loss. For more information about McAfee Mobile Security, visit <a href=\"https:\/\/www.mcafeemobilesecurity.com\">http:\/\/www.mcafeemobilesecurity.com<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Europe is currently under attack by spammers trying to get control of Android devices. 
In Germany the distribution method is&#8230;<\/p>\n","protected":false},"author":462,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[37,49,180,214],"coauthors":[1104],"class_list":["post-37068","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-android","tag-botnet","tag-malware","tag-mobile-security1"],"acf":[],"yoast_head_json":{"title":"Android App SandroRAT Targets Polish Banking Users via Phishing Email | McAfee Blog","description":"Europe is currently under attack by spammers trying to get control of Android devices. In Germany the distribution method is via SMS (text) messages, as","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Android App SandroRAT Targets Polish Banking Users via Phishing Email | McAfee Blog","og_description":"Europe is currently under attack by spammers trying to get control of Android devices. In Germany the distribution method is via SMS (text) messages, as","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sandrorat-android-rat-targeting-polish-banking-users-via-e-mail-phishing\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2014-08-02T09:43:15+00:00","article_modified_time":"2025-06-04T10:57:56+00:00","og_image":[{"width":802,"height":356,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/CASTILLO_SandroRATSpam.jpg","type":"image\/jpeg"}],"author":"Carlos Castillo","twitter_card":"summary_large_image","twitter_creator":"@carlosacastillo","twitter_site":"@McAfee","twitter_misc":{"Written by":"Carlos Castillo","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sandrorat-android-rat-targeting-polish-banking-users-via-e-mail-phishing\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sandrorat-android-rat-targeting-polish-banking-users-via-e-mail-phishing\/"},"author":{"name":"Carlos Castillo","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/894ee4a790607d505a13c24955d2edbe"},"headline":"Android App SandroRAT Targets Polish Banking Users via Phishing Email","datePublished":"2014-08-02T09:43:15+00:00","dateModified":"2025-06-04T10:57:56+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sandrorat-android-rat-targeting-polish-banking-users-via-e-mail-phishing\/"},"wordCount":565,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sandrorat-android-rat-targeting-polish-banking-users-via-e-mail-phishing\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/CASTILLO_SandroRATSpam.jpg","keywords":["android","botnet","malware","mobile security"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sandrorat-android-rat-targeting-polish-banking-users-via-e-mail-phishing\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sandrorat-android-rat-targeting-polish-banking-users-via-e-mail-phishing\/","name":"Android App SandroRAT Targets Polish Banking Users via Phishing Email | McAfee 
Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sandrorat-android-rat-targeting-polish-banking-users-via-e-mail-phishing\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sandrorat-android-rat-targeting-polish-banking-users-via-e-mail-phishing\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/CASTILLO_SandroRATSpam.jpg","datePublished":"2014-08-02T09:43:15+00:00","dateModified":"2025-06-04T10:57:56+00:00","description":"Europe is currently under attack by spammers trying to get control of Android devices. In Germany the distribution method is via SMS (text) messages, as","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sandrorat-android-rat-targeting-polish-banking-users-via-e-mail-phishing\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sandrorat-android-rat-targeting-polish-banking-users-via-e-mail-phishing\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sandrorat-android-rat-targeting-polish-banking-users-via-e-mail-phishing\/#primaryimage","url":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/CASTILLO_SandroRATSpam.jpg","contentUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/CASTILLO_SandroRATSpam.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sandrorat-android-rat-targeting-polish-banking-users-via-e-mail-phishing\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee 
Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Android App SandroRAT Targets Polish Banking Users via Phishing Email"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/894ee4a790607d505a13c24955d2edbe","name":"Carlos Castillo","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/729f5b9d2761341175762c5f10652607","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/Carlos-Castillo-96x96.jpg","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/Carlos-Castillo-96x96.jpg","caption":"Carlos Castillo"},"description":"Carlos Castillo specializes in the analysis of mobile 
threats and Android malware. Castillo performs static and dynamic analysis of suspicious applications to support McAfee\u2019s Mobile Security for Android product. He is the author of the McAfee-published white paper, \"Android Malware Past, Present, and Future,\u201d and wrote the \u201cHacking Android\" section of the book, \"Hacking Exposed 7: Network Security Secrets &amp; Solutions.\u201d As a recognized mobile malware researcher, Castillo has presented at several security industry events, including 8.8 Computer Security Conference and Segurinfo, a leading information security conference in South America. Prior to his position at McAfee, Castillo performed security compliance audits for the Superintendencia Financiera of Colombia, and worked at security startup Easy Solutions Inc., where he conducted penetration tests on web applications, helped shut down phishing and malicious websites, supported security and network appliances, performed functional software testing, and assisted in research and development related to anti-electronic fraud. 
Castillo joined the world of malware research when he won ESET Latin America\u2019s Best Antivirus Research contest with a paper titled, \u201cSexy View: The Beginning of Mobile Botnets.\u201d Castillo holds a degree in systems engineering from the Universidad Javeriana in Bogot\u00e1, Colombia.","sameAs":["https:\/\/www.linkedin.com\/in\/carlosacastillo\/","https:\/\/x.com\/carlosacastillo"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/carlos-castillo\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/37068","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/462"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=37068"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/37068\/revisions"}],"predecessor-version":[{"id":215099,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/37068\/revisions\/215099"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=37068"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=37068"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=37068"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=37068"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}