Friday, May 9, 2025
PJobRAT Android Malware Masquerades as Dating and Messaging Apps to Target Military Personnel

PJobRAT, an Android Remote Access Trojan (RAT) first identified in 2019, has resurfaced in a new campaign targeting users in Taiwan.

Initially, PJobRAT was known for targeting Indian military personnel by disguising itself as dating and instant messaging apps.

The latest iteration of this malware has evolved, now masquerading as apps named ‘SangaalLite’ and ‘CChat’, which were distributed through now-defunct WordPress sites.

Figure: Screenshots from the interface of the malicious SangaalLite app

These sites were active from at least January 2023 to October 2024, although the domains were registered as early as April 2022.

Distribution and Infection Tactics

The malware was spread via fake apps that mimicked legitimate messaging services.

Once installed, these apps request extensive permissions, including the ability to bypass battery optimization, allowing them to run continuously in the background.

Users were likely directed to these malicious sites through various tactics such as SEO poisoning, malvertising, or phishing, although the exact methods used in this campaign are not confirmed.

The threat actors behind PJobRAT have historically used diverse distribution methods, including third-party app stores and compromised legitimate sites.

Enhanced Capabilities

The latest versions of PJobRAT have seen significant updates, particularly in their ability to execute shell commands.

Figure: Code to execute shell commands

According to the report, this shell-command capability allows the malware to potentially steal data from any app on the device, root the device, or even silently remove itself after completing its objectives.

Unlike previous versions, the new PJobRAT does not specifically target WhatsApp messages but can access data from any app.

It communicates with command-and-control (C2) servers using Firebase Cloud Messaging (FCM) and HTTP, enabling it to upload stolen data such as SMS messages, contacts, and files.
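The two traits the article attributes to the new samples, the request to bypass battery optimization so the app can stay resident and the collection of SMS, contacts and files over an FCM/HTTP channel, are both visible in an APK's manifest before the app is ever run. The following triage script is an added example, not code from the article or from the report it cites: it parses a constructed AndroidManifest.xml (placeholder package name and service name) and flags the combination of a persistence permission, at least one data-collection permission, and a Firebase Cloud Messaging receiver. The result is a prompt for a second look, not a verdict, since legitimate messaging apps also request several of these permissions.

```python
"""Manifest triage for an Android sample: flag the permission/component
combination described for PJobRAT (battery-optimization bypass, SMS/contacts/
file access, FCM push channel).

Added example, not from the article or the cited report. The manifest below
is constructed to resemble such a sample; package and class names are
placeholders."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"  # Clark notation for android:name

PERSISTENCE = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"

# Permissions of interest and the capability each one buys the app.
PERMISSIONS_OF_INTEREST = {
    PERSISTENCE: "persistent background execution",
    "android.permission.READ_SMS": "SMS collection",
    "android.permission.READ_CONTACTS": "contact list collection",
    "android.permission.READ_EXTERNAL_STORAGE": "file collection",
    "android.permission.RECEIVE_BOOT_COMPLETED": "restart after reboot",
}

# A service that receives Firebase Cloud Messaging pushes declares this action.
FCM_ACTION = "com.google.firebase.MESSAGING_EVENT"

# Constructed sample manifest (placeholder package and service names).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.chatlookalike">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <application android:label="CChat">
        <service android:name=".PushService" android:exported="false">
            <intent-filter>
                <action android:name="com.google.firebase.MESSAGING_EVENT"/>
            </intent-filter>
        </service>
    </application>
</manifest>
"""


def triage_manifest(manifest_xml: str) -> dict:
    """Return the package name, matched permissions, whether an FCM receiver
    is declared, and a combined 'suspicious' flag for analyst review."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(NAME) for e in root.iter("uses-permission")}
    findings = {p: why for p, why in PERMISSIONS_OF_INTEREST.items() if p in requested}
    has_fcm = any(a.get(NAME) == FCM_ACTION for a in root.iter("action"))

    # Persistence + at least one data-collection permission + a push channel
    # is the pattern the article describes; on its own each piece is common.
    persistent = PERSISTENCE in findings
    collects = any(p != PERSISTENCE for p in findings)
    return {
        "package": root.get("package"),
        "findings": findings,
        "fcm_receiver": has_fcm,
        "suspicious": persistent and collects and has_fcm,
    }


if __name__ == "__main__":
    report = triage_manifest(SAMPLE_MANIFEST)
    print(f"package: {report['package']}  suspicious: {report['suspicious']}")
    for perm, why in report["findings"].items():
        print(f"  {perm}: {why}")
    print(f"  FCM receiver declared: {report['fcm_receiver']}")
```

On a real APK, extract the manifest first (for example with apktool or aapt) and feed the decoded XML to `triage_manifest`; a hit on the combined flag is the point at which to pull the sample for dynamic analysis of its C2 traffic.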

The campaign appears to have concluded, with no recent activity observed. However, this resurgence highlights the adaptability of threat actors, who continually refine their tactics and malware to evade detection.

Android users are advised to avoid installing apps from untrusted sources and to use mobile threat detection software to protect against such threats.

Aman Mishra
Aman Mishra is a security and privacy reporter covering data breaches, cyber crime, malware, and vulnerabilities.