AIVARAT Mobile Malware
AIVARAT is a newly detected strain of mobile malware. As the name implies, the new threat is a remote access trojan (RAT).
The capabilities of the new malware are considerable. AIVARAT can scrape and exfiltrate a number of data sets from the compromised device, including system data, installed app lists, and local storage file lists. The malware can also exfiltrate any media file found on the compromised device.
AIVARAT can access call logs and contact lists on the device, and it can intercept, read, and send text messages. There are reports that the malware is also capable of logging keypresses on the virtual keyboard and displaying phishing screens that mimic the login interfaces of legitimate apps.
The malware seems to have at least some form of persistence. It does not run on every device boot by default, but receiving any new notification re-triggers it and runs it again.
The RAT also has a ransomware-like module that can encrypt files on the device and lock it with a PIN code.