Security News > 2021 > January > 'Rogue' Android RAT Can Take Control of Devices, Steal Data
A recently discovered Mobile Remote Access Trojan can take control of the infected Android devices and exfiltrate a trove of user data, Check Point security researchers warn.
Dubbed Rogue, the Trojan is the work of Triangulum and HeXaGoN Dev, known Android malware authors that have been selling their malicious products on underground markets for several years.
The threat was capable of data exfiltration, but could also destroy data locally, and even erase the OS. The developer started selling a piece of mobile malware several months later, and added another one to their portfolio after one year.
For the development of Rogue, the malware author apparently partnered with HexaGoN Dev, who specializes in the building of Android RATs.
Firebase services serve as a command and control server, meaning that all commands and data exfiltration are performed using Firebase's infrastructure.
"The story of the Rogue malware is an example of how mobile devices can be exploited. Similar to Triangulum, other threat actors are perfecting their craft and selling mobile malware across the dark Web - so we need to stay vigilant for new threats," Check Point concludes.
News URL
Related news
- Ratel RAT targets outdated Android phones in ransomware attacks (source)
- Rafel RAT targets outdated Android phones in ransomware attacks (source)
- Multiple Threat Actors Deploying Open-Source Rafel RAT to Target Android Devices (source)
- Open-source Rafel RAT steals info, locks Android devices, asks for ransom (source)
- Week in review: MOVEit auth bypass flaws quitely fixed, open-source Rafel RAT targets Androids (source)