Rat King: How the Android Trojan CraxsRAT Steals User Data

Oct. 31, 2024, 8 p.m.

Description

CraxsRAT, an Android trojan, has been targeting Russian and Belarusian users since summer 2024. It masquerades as legitimate apps, such as those of government services, antivirus software, and telecom operators. The malware spreads through social engineering, prompting users to download malicious APK files via messaging apps. CraxsRAT has extensive capabilities, including remote device control, data exfiltration, call and SMS interception, keylogging, and camera/microphone access. It uses various techniques to evade detection and removal. The trojan is believed to be used by both financially motivated groups and those engaged in cyber espionage. Over 140 unique samples have been identified, and the threat continues to evolve and adapt to maintain its effectiveness.

Date

  • Created: Oct. 31, 2024, 8:23 a.m.
  • Published: Oct. 31, 2024, 8:23 a.m.
  • Modified: Oct. 31, 2024, 8 p.m.

Attack Patterns

  • CRAXSRAT
  • T1493
  • T1492
  • T1508
  • T1048
  • T1407
  • T1548
  • T1582
  • T1546
  • T1057
  • T1210
  • T1485
  • T1056
  • T1566
  • T1059

Additional Information

  • Finance
  • Telecommunications
  • Government
  • Belarus
  • Russian Federation