New Android RAT uses Near Field Communication to automatically steal money from devices
Date:
Wed, 10 Sep 2025 14:50:00 +0000
Description:
Researchers spotted a unique piece of malware called RatOn, combining previously unseen features.
FULL STORY ======================================================================
RatOn is a rare Android trojan combining NFC relay, overlay attacks, and automated money transfers.
It targets banking apps and crypto wallets, stealing PINs and recovery phrases.
Spread via fake TikTok apps, it mainly targets users in Czechia and Slovakia.
Security researchers have uncovered a rare strain of Android malware with capabilities that were virtually unheard of - until now.
Earlier this week, ThreatFabric published an in-depth report on RatOn, a Remote Access Trojan (RAT) with NFC relay capabilities.
An NFC relay attack is when criminals use two devices to trick a payment terminal into thinking a real card or phone is present, even though it's somewhere else. One device (an infected one) reads the victim's card data and instantly sends it to another device that makes the payment on their behalf.
RatOn Malware
"Instances where a trojan evolves from a basic NFC relay tool into a sophisticated RAT with Automated Transfer System (ATS) capabilities are virtually unheard of," ThreatFabric said. "That's why the discovery of the new trojan RatOn by ThreatFabric MTI analysts is particularly noteworthy. RatOn merges traditional overlay attacks with automatic money transfers and NFC relay functionality, making it a uniquely powerful threat."
RatOn was first assembled in early July 2025, with the latest version popping up on August 29, meaning it is in active development. It primarily serves as an Android banking trojan, taking over devices and accounts. It also targets cryptocurrency wallets such as MetaMask, Trust Wallet, Blockchain.com, or Phantom, and can steal PINs and recovery phrases.
The malware also uses overlays to trick users and lock devices, and performs automated money transfers using the George Česko banking app. Since George Česko is a mobile banking app in Czechia, the researchers concluded that the attackers are targeting, first and foremost, individuals in Czechia and Slovakia.
The malware is being distributed via spoofed Google Play Store pages. They were set up to show an adult version of the TikTok app which hosted a malware dropper.
Once installed, the dropper asks for certain permissions from the victim, including one that allows it to download apps from third-party sources. If granted, it will deploy a second-stage payload and ask for additional permissions, including the dreaded Accessibility Services.
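The staged chain described above (a sideloaded dropper allowed to install other apps, then a second stage that gains Accessibility Services) can be hunted for in a device app inventory. The following is an added example, not code from the article or from ThreatFabric; the inventory format, the package names and the assumption that the "installer" field records the package that installed each app are constructed for illustration.

```python
# Added illustration: triage an app inventory for the dropper -> second stage ->
# Accessibility Services chain. Inventory schema and package names are constructed.
INSTALL_PERM = "android.permission.REQUEST_INSTALL_PACKAGES"
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; add managed stores as needed

# Constructed sample inventory (e.g. exported by an MDM agent; hypothetical schema).
SAMPLE_INVENTORY = [
    {"package": "com.example.notes", "installer": "com.android.vending",
     "permissions": ["android.permission.INTERNET"], "accessibility_enabled": False},
    {"package": "com.example.screenreader", "installer": "com.android.vending",
     "permissions": [], "accessibility_enabled": True},
    {"package": "com.example.videoapp", "installer": None,  # sideloaded
     "permissions": ["android.permission.INTERNET", INSTALL_PERM],
     "accessibility_enabled": False},
    {"package": "com.example.updater", "installer": "com.example.videoapp",
     "permissions": ["android.permission.NFC"], "accessibility_enabled": True},
]

def find_install_chains(inventory):
    """Flag sideloaded apps that may install packages, plus what they installed."""
    by_installer = {}
    for app in inventory:
        by_installer.setdefault(app["installer"], []).append(app)

    findings = []
    for app in inventory:
        sideloaded = app["installer"] not in TRUSTED_INSTALLERS
        can_install = INSTALL_PERM in app["permissions"]
        if not (sideloaded and can_install):
            continue
        children = by_installer.get(app["package"], [])
        a11y = sorted(c["package"] for c in children if c["accessibility_enabled"])
        findings.append({
            "dropper_candidate": app["package"],
            "installed_packages": sorted(c["package"] for c in children),
            "accessibility_payloads": a11y,
            # A child holding an accessibility service matches the full chain.
            "severity": "high" if a11y else "review",
        })
    return findings

if __name__ == "__main__":
    for finding in find_install_chains(SAMPLE_INVENTORY):
        print(finding)
```

A legitimate accessibility app installed from a trusted store is not flagged; only the parent/child relationship raises severity to "high".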
Via The Hacker News
======================================================================
Link to news story:
https://www.techradar.com/pro/security/new-android-rat-uses-near-field-communication-to-automatically-steal-money-from-devices
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)