Craxs - Rat

Beginning in April 2023, a series of sophisticated scams targeted Singapore. Threat actors set up phishing websites imitating well‑known brands, then tricked victims into downloading a fake Android app. The app, built with Craxs RAT, was designed to harvest banking credentials and personal information, and to give the attacker remote control of the device. Some of the fake apps impersonated an official anti‑scam centre, exploiting victims’ trust in law enforcement.

Treat unsolicited links or files in emails and messaging apps with high suspicion.

The malware is actively maintained and updated by its creator. Version 7.5:

: Integrates with the default SMS app to prevent notifications from appearing when an OTP is received . craxs rat

In the rapidly evolving landscape of mobile cybersecurity, Remote Access Trojans (RATs) have emerged as one of the most significant threats to user privacy and data security. Among these, has gained notoriety as a highly potent and sophisticated tool designed specifically to target Android devices.

If you believe your device has been compromised by CRAXS RAT, it is recommended to perform a factory reset, scan the device with a trusted security tool, and change all passwords for accounts used on that device.

Can disable Google Play Protect and intercept One-Time Passwords (OTPs), effectively bypassing Two-Factor Authentication (2FA) for bank accounts or crypto wallets. How It Operates Beginning in April 2023, a series of sophisticated

Implementing "stealth" mechanisms that allow the malware to survive device reboots and updates. Newer variants like

It can silently record calls, capture live screen video, and activate the camera or microphone without the user's knowledge. Harvest Data: It intercepts SMS messages to steal One-Time Passwords (OTPs)

In 2020, the source code for Spymax RAT (a variant of the older SpyNote malware) leaked online. EVLF used this leaked code as a foundation, completely rebuilding and optimizing it to evade modern mobile security. Commercialization via Telegram Some of the fake apps impersonated an official

Features include keylogging, screen recording, and gesture manipulation.

by bypassing the "black screen" security on banking and crypto apps. The Vanishing Act

: Following the sale of EVLF's original Telegram channels in late 2023, development accelerated independently. Releases like Craxs RAT v7.5 and the heavily modified G700 variant specifically optimized the malware to bypass Google Play Protect and target cryptocurrency ecosystems. Technical Capabilities: How Craxs RAT Dominates Android