The security landscape on Android continues to evolve, but unfortunately not always for the better. The latest reminder comes from iVerify, which recently identified HyperRAT, a new and dangerous Remote Access Trojan (RAT) written in Russian and sold as malware-as-a-service on forums frequented by cybercriminals. The name already speaks for itself, but the details say even more: it is an extremely complete trojan, capable of transforming an infected smartphone into a far-reaching surveillance and attack tool.
A level of total control with the HyperRAT Trojan
As pointed out by several security experts, the Android malware-as-a-service market is now fully developed: even less experienced attackers can purchase a ready-to-use APK for a simple subscription fee. The seller takes care of everything else (hosting, infrastructure and even updates), while the buyer only has to deal with the distribution of the malicious file. In other words, anyone can launch an attack campaign with very little technical expertise.
HyperRAT stands out for an extremely complete web control panel, which allows operators to:
- recover system logs and activity logs
- send notifications or SMS directly from the infected user’s SIM
- download archived messages and consult the call log
- view or change granted permissions
- explore installed applications
- establish a VNC session for full remote control of the device
It is therefore clear that this is not a simple spying trojan, but a remote management toolkit with extensive capabilities, so much so that it can be exploited for spam campaigns, phishing or targeted attacks.
HyperRAT’s interface offers a disturbing level of granularity: the malware can tell whether it has access to call logs, the internet, or the ability to start automatically after a reboot. Even if some permissions (such as writing to call logs or sending SMS) can be deactivated, the fact that the operator can modify or restore them remotely makes everything extremely dangerous.
Furthermore, the ability to view the list of installed apps opens up targeted espionage scenarios: just think of an attack against banking or payment applications, where the malware could intercept sensitive communications or steal credentials.
HyperRAT, according to researchers, integrates additional functions for mass messaging and connecting to Telegram, making it possible to coordinate spam, phishing or other Trojan campaigns directly from compromised devices; in short, a flexible and potentially devastating weapon, capable of adapting to different scenarios, from personal espionage to large-scale attacks.
Although it is not yet clear how widespread HyperRAT is, its appearance confirms a trend that is now evident: Android hacking tools are becoming increasingly accessible and automated, drastically reducing the barrier to entry for cybercriminals.
As always, it is essential to pay close attention to installed apps, avoid APK files of unknown origin and keep your device’s security services updated.
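To make the advice about watching installed apps concrete, the following added example (not code from iVerify or from the original article) builds a review list of packages that combine the permission areas described above: network access, start after reboot, and SMS or call-log access. The mapping to standard Android permission names is an assumption, and the input is a constructed sample in the style of `aapt dump permissions` output with placeholder package names.

```python
import re

# Assumption: standard Android permission names matching the capabilities the
# article lists (call log, SMS, internet access, start after reboot).
SENSITIVE = {
    "android.permission.READ_CALL_LOG",
    "android.permission.WRITE_CALL_LOG",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
}
NETWORK = "android.permission.INTERNET"
BOOT = "android.permission.RECEIVE_BOOT_COMPLETED"

# Constructed sample in the style of `aapt dump permissions` output for three
# hypothetical APKs; package names are placeholders, not real indicators.
SAMPLE = """\
package: com.example.flashlight
uses-permission: name='android.permission.INTERNET'
package: com.example.dialer
uses-permission: name='android.permission.READ_CALL_LOG'
uses-permission: name='android.permission.WRITE_CALL_LOG'
package: com.example.updater
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
uses-permission: name='android.permission.READ_CALL_LOG'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.READ_SMS'
"""

# Accepts both "name='...'" and bare-name variants of the uses-permission line.
PERM_RE = re.compile(r"uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)")

def parse_permissions(text):
    """Return {package: set(permissions)} from concatenated dump output."""
    apps, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            current = line.split(":", 1)[1].strip()
            apps[current] = set()
        elif current and (m := PERM_RE.match(line)):
            apps[current].add(m.group(1))
    return apps

def review_list(apps):
    """Packages with network + boot persistence + SMS or call-log access."""
    return {pkg: sorted(perms & SENSITIVE) for pkg, perms in apps.items()
            if NETWORK in perms and BOOT in perms and perms & SENSITIVE}
```

Legitimate messaging and dialer apps can match the same profile, so the result is a list of packages to check against their install source, not a verdict.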