Italian Android RAT Attacking Chinese Users

 

An Android RAT (Remote Access Trojan) has been found targeting specific Chinese devices.

This RAT seems to have originated in Italy. The code itself is littered with Italian text strings. Information obtained from the victim phones are being sent to a server hosted in Italy.

The RAT is found in two apps, it.cyprus.client and it.assistenzaumts.update. The RAT collects information such as device settings, technical details, and screenshots, among other things.

The interesting part of this RAT is that it seems to be targeting specific devices. Primarily located within China, some inections have been found in Japan as well.  The devices are Samsung N9005 Galaxy Note 3 LTE, Samsung SM-G355HN Galaxy 2 Core, LG D820 Nexus 5 and G355H Galaxy Core II (SM-G355HN) that have been rooted.

Discovered by Bitdefender researchers Alin Barbatei and Marius Mihai Tivada, the pair are concerned that there is more to this than what has been revealed, “Since only advanced persistent threats (APT) normally exhibit this type of selectivity when infecting victims, this Android RAT could be part of a wider attack that we’ve yet to uncover.”

Android RAT

 

source

Brad

BlackBerry Elite Founder & Owner of UTB Blogs and UTB Geek. When I'm not talking or writing about BlackBerry, you'll find me using my BlackBerry.

  • Nayalm

    BlackBerry got their work cut out for them!
    If they succeed where everyone and i mean EVERYONE failed, people and i mean the YUPPIES will see who’s got their backs and best interests.

Top