G700: The Next Generation of Craxs RAT

Nov. 4, 2024, 10:45 p.m.

Description

G700 RAT, an advanced variant of Craxs RAT, targets Android devices and cryptocurrency applications. It employs sophisticated techniques like privilege escalation, phishing, and malicious APK distribution to infiltrate devices. The malware bypasses authentication, captures sensitive data, and manipulates legitimate app functions, allowing attackers to perform illicit actions undetected. Developed in C# and Java, it exploits mobile app security gaps, intercepts SMS messages, abuses Android permissions, and hijacks crypto transactions. G700 RAT uses persistence and obfuscation techniques, including Base64 encoding and APK encryption, to evade detection. Distributed through darkweb forums and Telegram channels, it poses a growing threat to device security, especially in cryptocurrency and financial environments.

External References

https://www.cyfirma.com/research/g700-the-next-generation-of-craxs-rat/
https://otx.alienvault.com/pulse/672946aacc176b3d2922b6b6
Tags
obfuscation
phishing
android
cryptocurrency
craxs rat
privilege escalation
2024-11-04
apk distribution
transaction hijacking
sms interception
g700 rat

Date

  • Created: Nov. 4, 2024, 10:11 p.m.
  • Published: Nov. 4, 2024, 10:11 p.m.
  • Modified: Nov. 4, 2024, 10:45 p.m.

Indicators

  • dcdf640e0eef93ff9708e73c461d98f30433770edd2a92f603c8e66f23cf77c1
  • 65ad213f9c6403308cbc805ebe122e08c52c8d21d1b4f8efd0f406e2d448bdef
  • 313804ea8fda918ff8a909f2367e903b030c3aa305e320d20a865fd6b19d062b
Download all indicators here!

Attack Patterns

  • G700 RAT
  • Craxs RAT

Additional Informations

  • Finance
  • British Indian Ocean Territory
  • India