Researchers with ESET have identified an Android RAT – known as Krysanec – that is making the rounds disguised as legitimate applications, including Russian banking app MobileBank, data use monitoring app 3G Traffic Guard, and even the ESET Mobile Security app.

Krysanec can connect to its command-and-control server, and download and execute plug-in modules, according to an ESET post. It can take photos and record audio, as well as access current GPS locations, lists of installed applications, opened webpages, placed calls, contact lists, and SMS and WhatsApp messages.

The malware is being spread through filesharing websites and Russian social media networks, such as Spaces.ru, according to the post, which adds that the malicious apps – often advertised as cracked versions of paid apps – typically work.