The maker of a controversial malware, whose users have been targeted today in a global sting operation, has defended its use.
In a series of emails to Red Herring the product’s creator Sanjeevi, named after a sacred Hindu mountain, claimed that customers use Droidjack, a remote access Trojan (RAT) that can snoop on Android smartphones without their owners’ knowledge, within legal terms.
Droidjack is “very useful for the users who use them (sic) legally,” Sanjeevi wrote. “Droidjack is a parental tool for Android remote administration. It is strictly meant for that and no other reasons.” Anyone who breaks these rules, adds Sanjeevi, will have their licence revoked.
But law enforcement agencies in Europe and the US disagree, and today raided dozens of homes in five European countries, and the US. The most activity has been in Germany, where 13 raids have been carried out.
Suspects were aged between 19 and 51. So far only one arrest has been made, in the northern British city of Carlisle. Users who have had the malware since 2014 are being investigated.
Droidjack allows users to track information on any Android smartphone without consent. Droidjack users, who can buy the product for $210 online, can listen to conversations, read emails and hijack the camera.
Amid the raids, experts have blasted Sanjeevi’s comments as disingenuous. “Droidjack’s claims that misuse of their product would result in license determination seem very erroneous, as it is highly unlikely that they could detect misuse of their product,” said Nikolaos Chrysaidos, mobile malware analyst at Avast.
“There is definitely something inherently unsafe about any software that is sold on the Internet that can be used to spy on others and extract their personal data without their knowledge,” he adds.
Chrysaidos adds that there are other products, such as Rat, which could come under similar scrutiny: “Droidjack cannot only be used to ‘give people the power to establish control over beloved’s Android devices’ as they say on their website, but could also be used to establish control over any other device in the world, including corporate devices, making it extremely dangerous.”
Sanjeevi declined to comment on Chrysaidos’ accusations. But conceded that, if asked to shut down by the government (whichever government that is), “the project will be shut down.”