Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

Rat King: How the Android Trojan CraxsRAT Steals User Data

Oct. 31, 2024, 8 p.m.

Description

CraxsRAT, an Android trojan, has been targeting Russian and Belarusian users since summer 2024. It masquerades as legitimate apps like government services, antivirus software, and telecom operators. The malware spreads through social engineering tactics, prompting users to download malicious APK files via messaging apps. CraxsRAT has extensive capabilities, including remote device control, data exfiltration, call and SMS interception, keylogging, and camera/microphone access. It uses various techniques to evade detection and removal. The trojan is believed to be used by both financially motivated groups and those engaged in cyber espionage. Over 140 unique samples have been identified, with the threat continuing to evolve and adapt to maintain its effectiveness.

Date

Published: Oct. 31, 2024, 8:23 a.m.

Created: Oct. 31, 2024, 8:23 a.m.

Modified: Oct. 31, 2024, 8 p.m.

Attack Patterns

CRAXSRAT

T1493

T1492

T1508

T1048

T1407

T1548

T1582

T1546

T1057

T1210

T1485

T1056

T1566

T1059

Additional Informations

Finance

Telecommunications

Government

Belarus

Russian Federation