EVLF DEV - Knowing the Creator of CypherRAT and CraxsRAT

There’s a new Malware-as-a-Service (MaaS) operator in cyber threat town, named EVLF DEV. This threat actor is responsible for creating the CypherRAT and CraxsRAT malware, which have been purchased by over 100 threat actors. EVLF has been operating from Syria for over 8 years and has amassed $75,000 through the sale of these RATs.

Diving into details

  • For the last three years, EVLF has been selling CraxsRAT through an online store hosted on the surface web. Perceived as one of the most dangerous Android RATs currently available, CraxsRAT has been sold under at least 100 lifetime licenses so far.
  • CraxsRAT builder is responsible for crafting heavily obfuscated packages, enabling malicious actors to customize the contents based on the specific nature of the attack they are planning, including the implementation of WebView page injections.
  • When activated on compromised devices, the RAT is capable of retrieving accurate device location, pilfering contact information, gaining access to the device's storage, and extracting message and call log data.

The researchers uncovered that the threat actor has been using a widely recognized cryptocurrency wallet for a minimum of the past three years to withdraw profits earned from vending CypherRAT and CraxsRAT.

MaaS offerings in vogue

  • In June, DogeRAT, an Android malware, was found targeting various industries, including banking and gaming. The developers of DogeRAT, suspected to be from India, promoted it as a MaaS offering. This open-source malware not only acts as a remote access tool but also functions as a keylogger and can copy content from the clipboard.
  • April witnessed the emergence of a new MaaS operator, FusionCore, that also created a ransomware affiliate program called AnthraXXXLocker. The threat actor offers various custom malware, including ransomware, infostealers, and cryptocurrency mining tools.

The bottom line

The rise of MaaS operators such as EVLF DEV underlines the concerning trend of cyber threats evolving into profitable enterprises. To counteract such campaigns by malicious actors, individuals should practice caution while downloading applications, refrain from interacting with dubious links or attachments, and limit app installations to authorized stores.
Cyware Publisher