EVLF DEV threat actors, the alleged creators of two RATs

September 26, 2023

EVLF DEV, the newest MaaS operator in the cybercriminal landscape, is the alleged CypherRAT and CraxsRAT malware developer. Based on reports, the two remote access trojans have successfully garnered more than a hundred purchases from multiple threat actors.

Researchers also revealed that the group has been operating from Syria for nearly a decade and has earned approximately $75,000 from selling the remote access trojans.

 

The EVLF DEV threat group has been supplying an online store with RATs.

 

According to investigations, the EVLF DEV group has sold CraxsRAT through an online store on the surface web for the last three years. Researchers claimed that CraxsRAT is one of the most dangerous Android RATs, and the actors have sold about 100 lifetime subscriptions.

In addition, the RAT builder is responsible for developing obfuscated packages that enable threat actors to customise their contents based on the nature of the attack they are arranging. CraxsRAT could also retrieve accurate device location, steal contact details, acquire access to the device’s storage and extract the message and call log information once activated on an infected device.

The researchers also discovered that the group had used a well-known crypto wallet for a couple of years to withdraw profits from selling CraxsRAT and CypherRAT.

Malware-as-a-Service has been prevalent for the past few months as many malware developers continue to create RATs that aid cybercriminals with their malicious campaigns.

A couple of months ago, the Android malware DogeRAT targeted various industries, such as banking and gaming. The DogeRAT developers allegedly came from India and promoted it as a MaaS. The open-source malware could act as a remote access tool, function as a keylogger, and copy contents from a clipboard.

The sudden popularity of MaaS operators, such as EVLF DEV, shows the concerning trend of cyber threats evolving into a profitable business. Therefore, cybersecurity experts advise individuals to be vigilant when downloading apps to counteract such campaigns from malicious threat groups.

Everyone should avoid interacting with sketchy and unverified attachments or links and limit installing unnecessary applications to prevent compromise.
