Specifically designed to bypass security by lifting passwords from social media apps like Facebook and Gmail.
Source code is publicly available, enabling widespread customization by various criminal groups. Key Capabilities
Android Remote Access Trojan (RAT) / Banking Trojan. CypherRatV3.5-NEW.zip
This report analyzes the package, a variant of the potent CypherRat (also known as SpyNote.C) Remote Access Trojan (RAT). Originally developed by the threat actor EVLF DEV , this malware transitioned from a paid "Malware-as-a-Service" model to an open-source tool on GitHub , leading to a significant increase in global infections. Malware Profile
Abuses Accessibility Services to extract two-factor authentication (2FA) codes from apps like Google Authenticator . Evasion and Persistence Android Malware Targets Financial Institutions | ERGOS This report analyzes the package, a variant of
Targets banking applications to steal credentials through keylogging and screen capturing via the MediaProjection API .
Android (Primary target), though Windows-based control builders exist. Author: Syrian threat actor known as EVLF DEV . and GPS location .
Attackers can remotely control the victim's camera, microphone, and GPS location .