Sunday, May 18, 2025
HomeMalwareMost Advanced APT Malware "CrossRAT" Globally Targeting Individuals & Exfiltrate Text...

Most Advanced APT Malware “CrossRAT” Globally Targeting Individuals & Exfiltrate Text Messages, Photos, Call Records

Published on

SIEM as a Service

Follow Us on Google News

A multi-platform APT CrossRAT Malware discovered with sophisticated surveillance operation that targeting Windows, OSX, and Linux computer globally both individuals and organizations.

It performed by Large-scale Dark Caracal cyber-espionage campaign and conducting advanced spying operation globally.

There are thousand of Victims has been infected and hundreds of gigabytes of data have been stolen from more than 21 countries victims including North America, Europe, the Middle East, and Asia.

- Advertisement - Google News

CrossRAT also considering as a “newly discovered desktop surveillanceware tool.” that has an ability to target Windows, Linux, and OSX and it performs some malicious operations such as manipulate the file system, take screenshots.

Dark Caracal cyber-espionage targeting governments, militaries, utilities, financial institutions, manufacturing companies, and defense contractors.

CrossRAT used by Dark Caracal and exfiltrated data include documents, call records, audio recordings, secure messaging client content, contact information, text messages, photos, and account data.

How does CrossRAT Malware Works

CrossRAT persistence helps to undetectable by malware scanners and it considered as an advanced emerging malware family.

Initially, CrossRAT spreading via Social media links, Phishing emails with an attached jar file that contains a trojanized file.

Since CrossRAT Written in Java, it requires Java to be installed on the target machine. but most recent Mac OS not shipping with Java.

its persistence mechanism bypassed the many antivirus software and it won’t help to detect and remove it from the victim’s machine if the user installed any of this anti-virus software.

CrossRAT Malware contains .jar file and later it was unzipped and find that it has Java-based package structured Java Bytecode.

The file contains 3 Packages. a, b, Crossrat, org and first package (A), appears to be responsible for determining the OS version of any system it is running on.

Java can support allow the Platform  CrossRAT can be deployed on Windows, Linux, SunOS, and OS X.

Accorinding to Researchers, n an infected system, in order to ensure that the OS automatically (re)executes the malware whenever the system is rebooted, the malware must persist itself. This (generally) requires OS-specific code. That is to say, there are Windows-specific methods of persistence, Mac-specific method, Linux-specific methods, etc…

Once the CrossRAT malware completely infected the victim’s machine, it allows a remote attacker to completely take over the entire computer and it modifying the file system.

Its created for global keyboard and mouse listeners for Java to capture the keyboard activities.

Also, this malware using  java.awt.Robot().createScreenCapture function to capture the victim’s screen and saves it as a disk. later it communicates with its Command & Control server and exfiltrates the data.

Also, an attacker can able to create, delete, modifying the file remotely also execute the arbitrary code on the victim’s machine also, you can read the complete technical analysis here

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked – Pwn2Own Day 2

Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering...

Critical WordPress Plugin Flaw Puts Over 10,000 Sites of Cyberattack

A serious security flaw affecting the Eventin plugin, a popular event management solution for...

Sophisticated NPM Attack Leverages Google Calendar2 for Advanced Communication

A startling discovery in the npm ecosystem has revealed a highly sophisticated malware campaign...

New Ransomware Attack Targets Elon Musk Supporters Using PowerShell to Deploy Payloads

A newly identified ransomware campaign has emerged, seemingly targeting supporters of Elon Musk through...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Printer Company Distributes Malicious Drivers Infected with XRed Malware

Procolored, a printer manufacturing company, has been found distributing software drivers infected with malicious...

Frigidstealer Malware Targets macOS Users to Harvest Login Credentials

An macOS users, a new information-stealing malware dubbed FrigidStealer has emerged as a formidable...

SSH Auth Key Reuse Uncovers Advanced Targeted Phishing Campaign

A meticulously orchestrated phishing campaign targeting Kuwait's fisheries, telecommunications, and insurance sectors has been...