CypherRAT and CraxsRAT Android Trojans Authored by Syrian EVLF Hacker

Syrian cybercriminal EVLF appears to be behind the development of the CypherRAT and CraxsRAT malware families designed to attack Android users.

According to a recent report by Cyfirma, CypherRAT and CraxsRAT are Trojans that allow operators to remotely access a victim's mobile device.

“Among other things, this malware allows the attacker to control the smartphone’s camera, track the user’s geolocation, and eavesdrop using the microphone,” experts explain.

The author of CypherRAT and CraxsRAT offers them to other cybercriminals under the malware-as-a-service (MaaS) model. According to the researchers, about a hundred attackers have acquired a lifetime license to use the Trojans over the past three years.

The Syrian hacker EVLF, who has been dubbed the creator of these Trojans, runs an online store where both malware families have been available for purchase since September 2022.

CraxsRAT, for example, is designed to allow an operator to control an infected mobile device through a Windows computer. At the same time, the author is constantly refining the Trojan, taking into account the wishes of customers.

A special builder helps to customize and obfuscate the payload and to choose an icon, application name and functionality. It is even possible to set the individual permissions that the malware will request from the OS.

Cyfirma called CraxsRAT one of the most dangerous remote access Trojans. For example, it has a "Super Mod" feature that makes it very difficult to remove malicious software from the device.

EVLF is known to run the Telegram channel “EvLF Devz”, which was created on February 17, 2022. At the time of writing, the channel has 10,678 subscribers. However, today EVLF posted a message announcing the cessation of its activities.
