Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Android RAT spreading through modified legitimate apps

Researchers with ESET have identified an Android RAT – known as Krysanec – that is making the rounds disguised as legitimate applications, including Russian banking app MobileBank, data use monitoring app 3G Traffic Guard, and even the ESET Mobile Security app.

Krysanec can connect to its command-and-control server, and download and execute plug-in modules, according to an ESET post. It can take photos and record audio, as well as access current GPS locations, lists of installed applications, opened webpages, placed calls, contact lists, and SMS and WhatsApp messages.

The malware is being spread through filesharing websites and Russian social media networks, such as, according to the post, which adds that the malicious apps – often advertised as cracked versions of paid apps – typically work.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.