Craxs Rat Verified Jun 2026

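Notably, Craxs RAT has appeared here as well. In research on the surge of threats during tax season, security teams found Windows samples of Craxs RAT disguised as tax form files and distributed through malicious email attachments and phishing links.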

Victims receive fake notifications (e.g., "update your app" or "package delivery status").

Despite this announcement, the threat continues through cracked versions and derivative variants created by other actors.

It makes itself incredibly difficult to uninstall by manipulating Android's accessibility settings to auto-click "Cancel" if you try to remove it.

⚠️ How Does It Infect Your Phone?

Craxs RAT is often distributed through modified versions of popular apps (like WhatsApp Pro or free premium games) that claim to be "verified" or "safe" on third-party sites.

Disable "Install from Unknown Sources": Only install applications from the Google Play Store.

Cybercriminals do not typically rely on direct hacking to deploy Craxs RAT; instead, they rely on social engineering to trick you into inviting them in. The most common distribution methods include:

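Group-IB's research shows that in these attack campaigns at least were impersonated by threat actors, spanning e-commerce platforms, anti-scam centers, pet grooming shops and even dumpling shops. The attackers' method is highly consistent: they create fake advertisements to lure victims into placing and paying for an order, then require the victim to download a fake Android app to complete the payment process. Once installed, Craxs RAT gains full control of the device.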

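This technical lineage is also confirmed by security-engine detection results. In a multi-engine scan of a Craxs Rat v6 sample, 28/69 security engines flagged it as malicious, with detection names including "Android.SpyMax.291" (DrWeb), "TrojanSpy:Android/SpyNote" (Alibaba) and "HEUR:Trojan-Spy.AndroidOS.SpyNote.bo" (Kaspersky), among other variants. These results show that, despite heavy customization, Craxs RAT still retains the genetic traits of Spymax/SpyNote.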

Craxs RAT specifically targets mobile security gaps to intercept financial data and bypass authentication. Here is how to keep your device secure:

Avoid "Verified" Mod APKs

This refers to a sophisticated Android Remote Access Trojan (RAT) often sold as malware-as-a-service. It is used by cybercriminals to remotely control devices, steal banking credentials, and record audio or video.

We see three distinct searcher profiles:

Sandbox analysis of CraxsRAT samples has shown detection by multiple security engines, including malicious indicators for anti-detection and stealthy behavior such as querying firmware table information. Community YARA rules have been developed to detect the malware across different platforms.