Security News > 2023 > August > Syrian Threat Actor EVLF Unmasked as Creator of CypherRAT and CraxsRAT Android Malware
A Syrian threat actor named EVLF has been outed as the creator of malware families CypherRAT and CraxsRAT. "These RATs are designed to allow an attacker to remotely perform real-time actions and control the victim device's camera, location, and microphone," Cybersecurity firm Cyfirma said in a report published last week.
EVLF is said to be operating a web shop to advertise their warez since at least September 2022.
CraxsRAT is billed as an Android trojan that enables a threat actor to remote control an infected device from a Windows computer, with the developer consistently releasing new updates based on feedback from the customers.
"CraxsRAT is one of the most dangerous RATs in the current Android threat landscape, with impactful features such as Google Play protect bypass, live screen view, as well as a shell for command execution," Cyfirma explained.
EVLF has been observed operating a Telegram channel named "EvLF Devz" that was created on February 17, 2022.
The GitHub account of EVLF remains active on the code-hosting service.
News URL
https://thehackernews.com/2023/08/syrian-threat-actor-evlf-unmasked-as.html
Related news
- OpenAI confirms threat actors use ChatGPT to write malware (source)
- TrickMo malware steals Android PINs using fake lock screen (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Android malware "FakeCall" now reroutes bank calls to attackers (source)
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers (source)
- Cyber crooks push Android malware via letter (source)