A new commercial tool designed to allow cybercriminals to easily transform legitimate Android applications into malicious software has hit the underground market, paving the way for cheap and easy development of sophisticated Android malware. The toolkit is called Dendroid and can be used to create "trojanized" apps -- legitimate applications with malicious code added to them -- that connect back to a command-and-control server over HTTP and allow attackers to perform a variety of malicious actions on devices that have those apps installed.