Security News > 2021 > January > 'Rogue' Android RAT Can Take Control of Devices, Steal Data
A recently discovered Mobile Remote Access Trojan can take control of the infected Android devices and exfiltrate a trove of user data, Check Point security researchers warn.
Dubbed Rogue, the Trojan is the work of Triangulum and HeXaGoN Dev, known Android malware authors that have been selling their malicious products on underground markets for several years.
The threat was capable of data exfiltration, but could also destroy data locally, and even erase the OS. The developer started selling a piece of mobile malware several months later, and added another one to their portfolio after one year.
For the development of Rogue, the malware author apparently partnered with HexaGoN Dev, who specializes in the building of Android RATs.
Firebase services serve as a command and control server, meaning that all commands and data exfiltration are performed using Firebase's infrastructure.
"The story of the Rogue malware is an example of how mobile devices can be exploited. Similar to Triangulum, other threat actors are perfecting their craft and selling mobile malware across the dark Web - so we need to stay vigilant for new threats," Check Point concludes.