CypherRAT and CraxsRAT malware, which were bought by more than 100 threat actors, have brought in $75,000 for EVLF DEV, a Malware-as-a-Service provider with a base in Syria.
Details:
- Three years, EVLF has been selling the hazardous Android RAT CraxsRAT via an online store.
- By constructing obfuscated packages, the builder enables malicious actors to alter content for assaults.
- CraxsRAT has the ability to locate devices, steal contacts, obtain access to storage, and extract message and call log information.
- At least 100 lifetime licenses for the RAT have been sold.
- The builder is in charge of creating packages that are highly obfuscated, allowing hostile actors to adapt their attacks.
The researchers discovered that the threat actor has been withdrawing money made from selling CypherRAT and CraxsRAT for at least the last three years using a well-known bitcoin wallet.
MaaS Offering in Vogue:
- DogeRAT, an Android malware that targets a number of businesses, including gaming and banking, was discovered in June.
- The alleged Indian originators of DogeRAT advertised it as a MaaS service.
- In addition to serving as a remote access tool, this open-source malware may copy data from the clipboard and act as a keylogger.
- FusionCore, a new MaaS provider that also developed the AnthraXXXLocker ransomware affiliate business, emerged in April. The threat actor sells a variety of specialized malware, such as ransomware, information thieves, and bitcoin mining software.
Conclusion:
The growth of MaaS providers like EVLF DEV highlights the worrying trend of cyberthreats turning into successful businesses. People should use caution when installing software, avoid clicking on strange links or attachments, and only install apps from trusted marketplaces in order to combat such bad actor efforts.
