Rat King: How the Android Trojan CraxsRAT Steals User Data
Oct. 31, 2024, 8 p.m.
Tags
External References
Description
CraxsRAT, an Android trojan, has been targeting Russian and Belarusian users since summer 2024. It masquerades as legitimate apps like government services, antivirus software, and telecom operators. The malware spreads through social engineering tactics, prompting users to download malicious APK files via messaging apps. CraxsRAT has extensive capabilities, including remote device control, data exfiltration, call and SMS interception, keylogging, and camera/microphone access. It uses various techniques to evade detection and removal. The trojan is believed to be used by both financially motivated groups and those engaged in cyber espionage. Over 140 unique samples have been identified, with the threat continuing to evolve and adapt to maintain its effectiveness.
Date
Published: Oct. 31, 2024, 8:23 a.m.
Created: Oct. 31, 2024, 8:23 a.m.
Modified: Oct. 31, 2024, 8 p.m.
Attack Patterns
CRAXSRAT
T1493
T1492
T1508
T1048
T1407
T1548
T1582
T1546
T1057
T1210
T1485
T1056
T1566
T1059
Additional Informations
Finance
Telecommunications
Government
Belarus
Russian Federation