Security News > 2023 > August > Syrian Threat Actor EVLF Unmasked as Creator of CypherRAT and CraxsRAT Android Malware
A Syrian threat actor named EVLF has been outed as the creator of malware families CypherRAT and CraxsRAT. "These RATs are designed to allow an attacker to remotely perform real-time actions and control the victim device's camera, location, and microphone," Cybersecurity firm Cyfirma said in a report published last week.
EVLF is said to be operating a web shop to advertise their warez since at least September 2022.
CraxsRAT is billed as an Android trojan that enables a threat actor to remote control an infected device from a Windows computer, with the developer consistently releasing new updates based on feedback from the customers.
"CraxsRAT is one of the most dangerous RATs in the current Android threat landscape, with impactful features such as Google Play protect bypass, live screen view, as well as a shell for command execution," Cyfirma explained.
EVLF has been observed operating a Telegram channel named "EvLF Devz" that was created on February 17, 2022.
The GitHub account of EVLF remains active on the code-hosting service.
News URL
https://thehackernews.com/2023/08/syrian-threat-actor-evlf-unmasked-as.html
Related news
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
- Vo1d malware botnet grows to 1.6 million Android TVs worldwide (source)
- BadBox malware disrupted on 500K infected Android devices (source)
- North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps (source)
- New Android malware uses Microsoft’s .NET MAUI to evade detection (source)
- APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- Android financial threats: What businesses need to know to protect themselves and their customers (source)
- New Crocodilus malware steals Android users’ crypto wallet keys (source)
- Counterfeit Android devices found preloaded With Triada malware (source)