Beware!! A new Android malware (WolfRAT) is asking the users of messaging apps like WhatsApp, Facebook, and Line to install it on their devices. This trojan collects images, photos, videos, and audio recordings from your device. The researchers at Cisco Talos named this new trojan “WolfRAT.” The malware asks targeted users to install it on their device under the cloak of a Flash update or a Google Play update. After being installed on the device, the trojan collects the aforementioned data and sends it to the trojan's command-and-control (C2) servers.
Roots of WolfRAT and the Info it Collects.
The Cisco Talos researchers said that this new trojan is a type of Remote Access Trojan (RAT). It is a modified version of an older malware, DenDroid, whose source code was leaked way back in 2015. Since the source code was leaked, other trojans such as WolfRAT have come into existence, mainly targeting messaging apps such as Facebook Messenger and WhatsApp.
According to the researchers, WolfRAT is likely run by an inactive organization, Wolf Research, which used to develop espionage and interception-based malware. Although the organization is not functional now, the researchers claim that its crew may be working from a remote area.
The researchers also said in their blog that some Thai users were targeted by the WolfRAT malware. They revealed that some control server domains contain names of Thai foods and include some comments in Thai. Surprisingly, some of the C2 servers are located in Thailand itself.
WolfRAT gathers information from the targeted users, including sensitive information. The researchers said that the information collection is in itself a success for the trojan's creators, since it gives them access to a lot of information, including the users' sensitive information.
The researchers also found that the work on the trojan was done in a slow/lazy manner. They found a lot of copy-paste from public sources, unstable code, dead code, open panels, and a lot more. In general, the information was collected from users who are not concerned about their security and privacy, and from the messages of these users.
Some information regarding screen recording was also found in the trojan. The Cisco Talos researchers advise users not to install unknown software that pops up on their device. Make sure to verify any notification that pops up to keep yourself safe.