A newly discovered Android Remote Access Trojan called AndroRAT targets unpatched Android devices, exploiting a publicly disclosed critical privilege escalation vulnerability to gain high-level access on the targeted Android devices.
This Android-based RAT can gain advanced privileges on any Android device that remains unpatched against the remote code execution vulnerability CVE-2015-1805, and inject root exploits.
The root exploits allow it to perform various malicious tasks such as silent installation, shell command execution, WiFi password collection, and screen capture.
RATs abuse many platforms, including Android, Windows, and macOS, by exploiting critical vulnerabilities in the targeted platform.
AndroRAT was initially developed as a university project to gain remote access to Android devices, but it was later abused by cybercriminals and used for various malicious activities.
A newly discovered AndroRAT variant poses as a malicious utility app called TrashCleaner, which contains an Android exploit.
It is initially distributed via malicious URLs spread through various sources such as spam and phishing emails or social media shares.
Once TrashCleaner runs on the targeted Android device, it forces the victim to install a Chinese-labeled calculator app and replace the default Android calculator app with it.
Once this malicious calculator app is installed on the victim's device, the TrashCleaner app disappears from the infected device and the RAT is activated in the background.
The RAT then communicates with the attacker-controlled command & control server and performs various commands to steal the user's sensitive information.
According to Trend Micro, the variant activates the embedded root exploit when executing privileged actions. It performs the following malicious actions found in the original AndroRAT:
Apart from the original features of the AndroRAT, it also performs new privileged actions:
CVE-2015-1805 was patched by Google in 2016, but unpatched Android devices are still vulnerable to this AndroRAT remote access Trojan. Devices that no longer receive this security patch, and that are still being used by a significant number of mobile users, are also vulnerable to this Android RAT, Trend Micro said.