By Following the Crypto, Cyfirma Identifies Developer Behind CraxsRAT - #CypherRAT
A malware developer known as EVLF DEV was identified as creating and selling two dangerous remote access trojans (RATs), CypherRAT and CraxsRAT, which have been used to target Android devices over the past three years. CraxsRAT, an obfuscated Android RAT, has been sold through a malware-as-a-service scheme to over 100 threat actors, allowing them to remotely access victims' devices to control components like the camera, microphone, and location. Researchers traced EVLF DEV's activities to Syria and found that they had made at least $75,000 from selling the RATs. Although EVLF announced they were stopping development of the malware, the damage has already been done as both RATs were widely distributed and continue to threaten users.