HeroRat: Telegram-abusing Android RAT

ESET security researchers have discovered a new Android RAT (Remote Administration Tool) variant in the wild. Dubbed “HeroRat”, the variant abuses the Telegram protocol for command and control and can steal sensitive data.

ESET found that the entirely new malware family started spreading in August 2017; its source code was leaked in March 2018 and made available in hacking channels.

It appears the malware was developed in C# using the Xamarin framework, a rare combination according to ESET. Previous versions of Android RATs targeting Telegram apps were written in Android Java.

“Having gained access to the victim’s device, the attacker then leverages Telegram’s bot functionality to control the newly listed device. Each compromised device is controlled via a bot, set up and operated by the attacker using the Telegram app,” ESET wrote in a recent blog post.

HeroRat can intercept messages/contacts, send text messages, make calls, record audio/screens, obtain device location and even control the device’s settings, according to ESET researchers. 

The malware was not found in the Google Play store.

To avoid becoming a victim, experts remind users to download apps only from the official Google Play store (avoiding third-party app stores), read user reviews before downloading, and be extremely cautious about which permissions they grant any app, both before and after installing it.
