PlayPraetor's evolving threat: How Chinese-speaking actors globally scale an Android RAT

Description

A large-scale Malware-as-a-Service operation, orchestrated by Chinese-speaking threat actors, has infected over 11,000 Android devices globally with the PlayPraetor Remote Access Trojan. The campaign primarily targets Europe, with significant presence in Portugal, Spain, and France, but also affects Africa, Latin America, and Asia. The botnet is expanding rapidly, with over 2,000 new infections weekly, focusing on Spanish and French speakers. The operation is managed through a sophisticated Chinese-language Command and Control panel, supporting multiple affiliates. PlayPraetor abuses Android's Accessibility Services to gain real-time control over compromised devices, targeting nearly 200 banking apps and cryptocurrency wallets worldwide.