An Android RAT (Remote Access Trojan) has been found targeting specific Chinese devices.
This RAT seems to have originated in Italy. The code itself is littered with Italian text strings, and information obtained from the victim phones is being sent to a server hosted in Italy.
The RAT is found in two apps, it.cyprus.client and it.assistenzaumts.update. The RAT collects information such as device settings, technical details, and screenshots, among other things.
The interesting part of this RAT is that it seems to be targeting specific devices. Infections are primarily located within China, though some have been found in Japan as well. The devices are Samsung N9005 Galaxy Note 3 LTE, Samsung SM-G355HN Galaxy 2 Core, LG D820 Nexus 5 and G355H Galaxy Core II (SM-G355HN) that have been rooted.
The RAT was discovered by Bitdefender researchers Alin Barbatei and Marius Mihai Tivada, who are concerned that there is more to this than what has been revealed: “Since only advanced persistent threats (APT) normally exhibit this type of selectivity when infecting victims, this Android RAT could be part of a wider attack that we’ve yet to uncover.”