Two years ago, we described an increasing presence of Remote Access Trojans (RATs) targeting mobile devices, specifically Android users. Let’s look at how things have developed since then.
Mobile RATs have become the prominent feature of modern malware threats targeting financial institutions. Most financially focused mobile malware families are converging towards the RAT paradigm, adopting remote access and control capabilities.
3 REASONS WHY RAT IS THE MAIN APPROACH TO MOBILE MALWARE
Here are 3 main reasons mobile malware families are converging towards the RAT paradigm:
• Availability. RAT toolkits are readily available on the darknet or even on GitHub, requiring minimal technical skills and providing full client and server components.
• Approach. The RAT approach is very flexible: it is easy to move quickly from one target to another and to vary the kind of information the fraudster collects. Some of those RATs can target banks and e-commerce services simultaneously, grabbing any information that could be valuable to the fraudster.
• Phishing. This malware can effectively support phishing or smishing campaigns that lead to remote access scams.
Over the years, these RATs have been changing form, becoming much more challenging to detect. Increasingly, they are distributed via the Google Play Store, relying on legitimate apps that, once they have gained an attractive user base, suddenly receive updates that include malware capabilities. Furthermore, those apps request fewer and fewer permissions from the user, making it more difficult for the victim to recognize suspect apps. On the other hand, we observe more creative ways of hiding the exfiltrated data, relying on popular services such as Firebase, Telegram, or WhatsApp to report data to the fraudster.
The pandemic has even increased malware campaign activity. In the last few months, we have witnessed RAT malware families such as OSCORP, Alien, or EventBot heavily targeting European and US financial institutions.
HOW TO DEAL WITH RAT
At XTN Cognitive Security®, we believe detecting and blocking malware activity before it becomes an actual fraud is crucial. Our Cognitive Security Platform® can spot malware activity by analyzing the user’s behavior and the apps installed on the device in real time.
XTN Cognitive Security Platform® lets you secure your high-value online services against Mobile RAT.