Saturday, September 7, 2024
HomeAndroidThreat Actor Sells Entire Source Code of Popular Android RAT in...

Threat Actor Sells Entire Source Code of Popular Android RAT in the Dark Web for $15,000

Published on

Dark web forums are the nesting grounds for threat actors to distribute hacking tools and other illicit documents. These dark web forums are known for anonymity and they can be reached only using a browser such as Tor.

SenseCy observed a sales thread in a hacking forum created by Arab-speaking threat actor with handle mobeebom for selling his Android RAT Tool MobiHok v4.

Android RAT Advertised

The MobiHok RAT developed in Visual Basic .NET and Android Studio, and it is capable of gaining complete control over the infected device. The RAT was inherited from Spynote.

- Advertisement - EHA

The author of MobiHok, just copied the source code of SpyNote and made minor changes and resells as a new RAT dubbed MobiHok.

Further analysis from SenseCy revealed that “the malware presents new features, such as a bypass to the Facebook authentication mechanism.”

The RAT can be purchased form the threat actors. it includes a variety of purchase options. It is possible to acquire the RAT as a complete package including source code and it costs US$ 15,000.

According to the advertisement, the modified RAT can perform the following activities

  • Control of the files
  • Control of the camera
  • Keylogging
  • Control of the SMS
  • Control of the contacts
  • Control of the apps
  • Control of the account/phone settings
  • Terminal
  • Bypass of Samsung security mechanisms
  • Bypass of Google Play security mechanisms
  • No “rooted” device required
  • The RAT can be bind to another APK app

The author of the RAT also published malware related posts on Facebook page and a YouTube channel since from January.

Earlier this year Facebook taken down 74 Facebook Groups for using it as a marketplace to trade illicit goods and services.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...

NoiseAttack is a Novel Backdoor That Uses Power Spectral Density For Evasion

NoiseAttack is a new method of secretly attacking deep learning models. It uses triggers...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Chameleon Device-Takeover Malware Attacking IT Employees

Researchers have identified a new Chameleon campaign targeting hospitality employees, where the attackers employed...

New LianSpy Attacking Android Users to Steal Sensitive Data

Cybersecurity experts have uncovered a sophisticated Android spyware, LianSpy, targeting users to steal sensitive...

Beware Of New BingoMod Android Malware Steals Money & Formats Device

The wide use and the huge user base of Android often lucrative the threat...