The Rise of RatOn: From NFC heists to remote control and ATS

Sept. 9, 2025, 10:06 p.m.

Description

A new Android banking trojan named RatOn has emerged, combining NFC relay attacks with remote access and automated transfer capabilities. Discovered by analysts monitoring the NFSkate threat group, RatOn targets cryptocurrency wallets and banking applications, particularly in the Czech Republic and Slovakia. The malware is distributed through adult-themed websites and employs a multi-stage infection process. RatOn features overlay attacks, automated money transfers, and cryptocurrency wallet takeovers. It demonstrates sophisticated capabilities, including screen casting, PIN interception, and extensive bot commands. The trojan's evolution from a basic NFC relay tool to a complex RAT with ATS functionality makes it a significant threat in the mobile malware landscape.

Date

  • Created: Sept. 9, 2025, 9:06 p.m.
  • Published: Sept. 9, 2025, 9:06 p.m.
  • Modified: Sept. 9, 2025, 10:06 p.m.

Indicators


Attack Patterns

  • NFSkate

Additional Information

  • Finance
  • Slovakia