A new family of Android RAT spotted in wild abusing the Telegram protocol for command & control and data exfiltration.
Attackers distributing the New Android RAT through third-party app stores, social media and messaging apps. The attack primarily focussed on Iran and the attackers distributed the app promising free bitcoins, free internet connections, and additional followers on social media.
The malware runs on all Android versions and it has not been into the play store, security researchers from ESET identified the new malware family and they appear to be spreading from August 2017 and its source code was made available free in Telegram hacking channels last March 2018.
Once the app installed it uses social engineering methods to attain device administrator details and once the installation completed it shows a fake small popup “claiming the app can’t run on the device and will, therefore, be uninstalled.”
But with the fake uninstallation only removes the icon not the app and new victim device registered in attackers server.
The malware contains a range of capabilities including “spying and file exfiltration capabilities, including intercepting text messages and contacts, sending text messages and making calls, audio and screen recording, obtaining device location, and controlling the device’s settings.”
Android RAT dubbed HeroRat’s is divided into categories and sold bronze(25 USD), silver(50 USD) and gold panels (100 USD) respectively and the source code at 600 USD.
It has been developed using Xamarin framework and the malware contains clickable interface in Telegram bot interface, where attackers can control the victim devices by just tapping the button.
The communication between the C&C and the data exfiltrated are transferred through telegram protocol to avoid traffic detection.
The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…
White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…
Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…
The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…
Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…
WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…