Syrian Threat Actor EVLF Unmasked as Creator of CypherRAT and CraxsRAT Android Malware
A Syrian threat actor named EVLF has been outed as the creator of malware families CypherRAT and CraxsRAT. "These RATs are designed to allow an attacker to remotely perform real-time actions and control the victim device's camera, location, and microphone," cybersecurity firm Cyfirma said in a report published last week.
EVLF is said to have been operating a web shop to advertise their warez since at least September 2022.
CraxsRAT is billed as an Android trojan that enables a threat actor to remotely control an infected device from a Windows computer, with the developer consistently releasing new updates based on feedback from customers.
"CraxsRAT is one of the most dangerous RATs in the current Android threat landscape, with impactful features such as Google Play protect bypass, live screen view, as well as a shell for command execution," Cyfirma explained.
EVLF has been observed operating a Telegram channel named "EvLF Devz" that was created on February 17, 2022.
The GitHub account of EVLF remains active on the code-hosting service.
News URL
https://thehackernews.com/2023/08/syrian-threat-actor-evlf-unmasked-as.html