1. Forum
  2. tqwNet
  3. TQW GENTECH

  • An old Android RAT has returned with some new tricks - here is wh

    From TechnologyDaily@1337:1/100 to All on Fri Mar 28 17:15:08 2025
    An old Android RAT has returned with some new tricks - here is what to look out for

    Date:
    Fri, 28 Mar 2025 17:03:00 +0000

    Description:
    They say you can't teach an old dog new tricks, but this old RAT is back and more dangerous than ever.

    FULL STORY ======================================================================Sophos researchers found a new variant of PJobRAT Android RAT now targets Taiwanese users The RAT can run shell commands and exfiltrate data

    PJobRAT, an Android Remote Access Trojan (RAT) which disappeared roughly six years ago, has made a rather quiet comeback, targeting users with some arguably more dangerous functionalities.

    Cybersecurity researchers from Sophos X-Ops security team discovered new samples in the wild, noting the 2019 PJobRAT could steal SMS messages, phone contacts, device and app information, documents, and media files, from infected Android devices.

    The new variant can also run shell commands: This vastly increases the capabilities of the malware , allowing the threat actor much greater control over the victims mobile devices, Sophos explains. It may allow them to steal data including WhatsApp data from any app on the device, root the device itself, use the victims device to target and penetrate other systems on the network, and even silently remove the malware once their objectives have been completed.

    Monitor your credit score with TransUnion starting at $29.95/month

    TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnions advanced risk assessment tools.

    Preferred partner ( What does this mean? ) View Deal Inactive campaign

    The 2019 variant was mostly targeting Indian military personnel, by spoofing different dating and instant messaging apps.

    The new variant seems to have ditched the dating angle, and focuses exclusively on being an instant messaging app.

    In fact, Sophos says that the apps actually work, and that the victims, if they knew each others IDs, could even communicate to one another.

    Speaking of the victims, the attackers no longer target Indians, and have instead switched to the Taiwanese.

    Some of the apps found in the wild are called SangaalLite (possibly a typosquatted version of SignalLite, an app used in the 2021 campaigns) and CChat (spoofing a legitimate app of the same name).

    The apps were being distributed through WordPress sites, Sophos said, suggesting that they cannot be found on popular app stores. The sites have since been shut down, meaning that the campaign is probably completed, but
    the researchers reported them to WordPress anyway.

    This campaign was therefore running for at least 22 months, and perhaps for
    as long as two and a half years, it was sad. However, it doesnt seem to have been a large, or successful campaign, since the general public wasnt the target. You might also like Devious new Android malware uses a Microsoft tool to avoid being spotted We've rounded up the best password managers Take a
    look at our guide to the best authenticator app



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/an-old-android-rat-has-returned-with-so me-new-tricks-here-is-what-to-look-out-for


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)