888 RAT Targets Kurd Groups, BladeHawk Hackers Run the Campaign

Kurdish ethnic groups are having their Android devices infected by what appears to be a new piece of Android malware. The threat, dubbed the 888 RAT, is used alongside SpyNote, another Remote Access Trojan (RAT) for Android. The criminals behind this attack appear to be a group tracked under the alias BladeHawk. These criminals have been involved in similar attacks in the past, where they used other Android implants. It is important to add that the 888 RAT may be referred under different names such as the LodaRAT or Gaza007 RAT.

How does this 888 RAT Campaign Reach Victims?

This particular campaign has been using fake Facebook profiles and other social media platforms to propagate the malicious app. The 888 RAT is usually masked as a legitimate piece of Android software, which the target downloads from a 3rd-party app-hosting site. The criminals use several profiles for the spam campaign. Some of these profiles pose as members of the tech community, while others act as Kurd supporters. Apart from promoting bogus apps delivering the 888 RAT, the same profiles were also used to spread phishing links for various social media apps and sites – such as Snapchat.

The 888 RAT is not a custom-built piece of malware. In fact, it was initially sold on a public website by its creators. It has been receiving regular updates, including An Android version that came out in 2019. It is not clear whether the BladeHawk hackers are using a purchased copy or a cracked one. Regardless, the features of the malware remain the same.

What are 888 RAT Capabilities?

The list of features of this Trojan is very rich. It is able to perform all sorts of tasks, and there is only one requirement – the victim must grant the app permissions to use the Android Accessibility Service. Since many people do not bother to actually check the privileges they grant apps, they may unknowingly give the 888 RAT full control over their Android device. Some of the most important tasks that this implant carries out include:

  • Record calls.
  • Grab screenshots.
  • Receive hardware information about the device – GPS location, battery level, and more.
  • Check for the presence of social media apps such as Facebook.
  • Steal Facebook credentials.
  • List all running apps.
  • Manage the file system.
  • Load URLs in hidden Web browser instances.
  • Execute remote commands/scripts.
  • Manage text messages.

Of course, all data that the 888 RAT extracts will be sent to the servers of the attackers. The implant is also able to display custom phishing overlays – probably made by the BladeHawk hackers.

Despite all of its dangerous features, the 888 RAT is a well-known piece of malware. Android users who invest in reputable and up-to-date antivirus apps can be certain that high-profile malware like this one will not get a chance to infect their device.

By Ruik
September 15, 2021
Android Malware
English
September 15, 2021
Android Malware

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

5 years ago

What is the OperaGXSetup.exe File and is it Malicious?

11 months ago

Eporner.com And Why Its Excessive Pop-Ups Are Risky

11 days ago

HackTool:Win32/Crack: a Malicious Threat That Can Seriously...

7 months ago

Take Note: Someone Added You As Their Recovery Email Scam

10 months ago

A Potentially Serious Threat: Trojan:Win32/Suschil!rfn

18 days ago

Related Posts

Computer Security

New Covid-Related Phishing Campaign Spreads Agent Tesla RAT

Even though an increasingly larger part of the world's population is getting vaccinated for Covid-19 and the global hysteria that had gripped the world in the first half of 2020 is now gradually dying down and life is... Read more

June 22, 2021
Android Malware

Remove Sandro RAT

Some malware families tend to be forgotten in time, but the Sandro RAT is not one of them. After it made its first appearance in 2014, it continues to be used to this very day. Its original developers are still... Read more

May 13, 2021
Malware

How to Remove Lime RAT

Lime RAT is a simple Remote Access Trojan (RAT,) which used to be spread with the use of maliciously modified Microsoft Excel documents. While the largest Lime RAT campaign took place in 2020, it is likely that the... Read more

April 21, 2021
English
Loading...

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2025 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.