HyperRAT: Capable New Android RAT Malware, Sold Under a MaaS Scheme
JAKARTA - A new Android remote access trojan (RAT) named HyperRAT has been discovered by the security firm iVerify. This Russian-language malware is reportedly being traded on cybercrime forums as "malware-as-a-service" (MaaS), which allows even less experienced attackers to launch malicious campaigns.
iVerify notes that the maturity of the Android malware-as-a-service market now allows attackers to pay subscription fees and immediately receive APK files that are ready to be distributed, while sellers take care of hosting and server infrastructure.
HyperRAT is a very sophisticated Android remote access trojan. Its web-based control panel gives operators detailed and broad control over infected devices. This control includes:
Retrieving logs of user activity.
Running a VNC (Virtual Network Computing) session for visual control of the device.
Performing SMS and call actions (sending SMS from the victim's SIM, checking the call log, or making calls).
Viewing the inventory of installed applications.
Managing app permissions.
Enabling bulk-messaging features and Telegram integration.
These diverse capabilities allow operators to carry out targeted espionage, for example stealing information from banking applications, and to launch large-scale spam or phishing campaigns using compromised phones.
HyperRAT's web interface can display each specific permission that has been granted on the device. The malware is able to tell operators whether it can read or write call logs, make calls, send SMS or MMS, access the internet, and run foreground services.
In some cases, iVerify observed that although internet access and the auto-restart-after-reboot feature were enabled, the call-log and SMS functions were actually disabled. This shows how detailed and specific the level of control available to the malware's operators is.
In addition, operators can view a list of applications installed on victims' phones. This information is invaluable because it allows attackers to target specific applications, such as banking applications, for data theft purposes.
With other options such as mass SMS campaigns, Telegram integration, and the ability to build customized trojans, iVerify warns that the potential use cases for HyperRAT are unfortunately very broad.
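A defender-side triage for the permission profile described above, as an added example that is not from iVerify or the original article: it parses `aapt dump permissions`-style output and flags apps that combine internet, foreground-service and boot-start permissions with call-log, call or SMS permissions. The mapping of the article's capabilities to Android permission names, the two-permission threshold and the package names are assumptions.

```python
import re

# Assumed mapping of the capabilities named in the article to Android permissions.
P = "android.permission."
TELEPHONY = {P + n for n in ("READ_CALL_LOG", "WRITE_CALL_LOG", "CALL_PHONE", "SEND_SMS")}
PERSISTENCE = {P + n for n in ("INTERNET", "FOREGROUND_SERVICE", "RECEIVE_BOOT_COMPLETED")}

PKG_RE = re.compile(r"^package:\s*(\S+)")
# Accepts both "name='android.permission.X'" and the older bare form.
PERM_RE = re.compile(r"^uses-permission:\s*(?:name=')?([\w.]+)'?")

def parse_inventory(text):
    """Return {package: set(permissions)} from concatenated aapt-style dumps."""
    apps, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := PKG_RE.match(line):
            current = apps.setdefault(m.group(1), set())
        elif (m := PERM_RE.match(line)) and current is not None:
            current.add(m.group(1))
    return apps

def triage(apps, allowlist=frozenset()):
    """Flag apps holding every persistence permission plus >= 2 telephony ones."""
    findings = {}
    for pkg, perms in apps.items():
        if pkg in allowlist:  # e.g. the default dialer or SMS app
            continue
        tele = perms & TELEPHONY
        if PERSISTENCE <= perms and len(tele) >= 2:
            findings[pkg] = sorted(tele)
    return findings

# Constructed sample inventory; package names are hypothetical.
SAMPLE = """\
package: com.example.notes
uses-permission: name='android.permission.INTERNET'
package: com.example.updater
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.FOREGROUND_SERVICE'
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.READ_CALL_LOG'
"""

if __name__ == "__main__":
    print(triage(parse_inventory(SAMPLE)))
```

Because operators can leave the call-log and SMS functions disabled, as iVerify observed, a build configured that way falls below this threshold; treat the result as a first-pass filter, not a verdict.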