Khaberni - "iVerify" has detected the emergence of a new remote access tool targeting the Android system named "HyperRAT," which poses a highly advanced and serious threat.
According to the website "Android Headlines," the new tool is sold on cybercrime forums as a service that enables novice attackers to launch widespread campaigns easily.
Subscription and High Risks
"iVerify" indicates that the attacker pays a subscription fee to obtain a ready-to-deploy malicious "APK" file, while the vendor takes care of all backend aspects from server hosting to control interfaces.
"Cleafy," a cybersecurity company, has issued a serious and urgent warning regarding a fake app called "Modpro IP TV + VPN," which has been found to contain an advanced malicious software known as "Klopatra," capable of stealing bank accounts and fully controlling the infected devices remotely.
The "Hyper RAT" tool contains an integrated web control panel that allows the operator to perform a wide range of functions on the compromised devices, including: fetching usage logs, conversations, archived messages, and sending short text messages (SMS) from the victim's SIM card, even launching mass messaging campaigns.
In addition to checking the call log and making calls on behalf of the user, displaying the permissions granted on the device and modifying them, browsing installed applications, and even creating "VNC" sessions for remote access to the device interface.
This week, the American company "Apple" is set to unveil three new devices, all powered by its latest "M5" processor, a move that comes just weeks after the announcement of the "iPhone 17" and the new "AirPods Pro."
The control interface also shows that the system can enable internet connectivity and set up auto-start after reboot, while specific functions can be disabled according to the operator's desire, demonstrating the precision control provided by the malicious software.
More Than Just "Spying"
According to the technology site, the presence of a button for sending mass messages and features integrated with applications like "Telegram" indicates that the objective is not only to gather information but also to use the hijacked devices as a platform for launching wide-scale phishing attacks or distributing annoying content, turning the phones into mobile attack tools.
Furthermore, accessing the list of installed applications allows attackers to target specific apps such as banking applications, increasing the risks of financial fraud and targeting sensitive data.
