What is CapraRAT Mobile Malware?
CapraRAT is the name of a malicious tool that affects mobile devices, specifically devices running Android.
CapraRAT, as the name suggests, is a remote access trojan. The malware is linked with the advanced persistent threat actor known by the handle APT36.
The mobile malware can perform a number of actions on compromised devices, including using the camera and microphone, accessing system and phonebook information, going through call history logs and installing Android app packages on the device.
The malware has a module that ensures its persistence by running high-frequency checks whether its own service is running. If the service is inactive, it is restarted and run immediately.
Similar malicious tools are commonly distributed using spam sms and text messages. Victims would usually receive a fake text with a link in it, claiming to be from a legitimate institution or entity. The link often leads to an installer package for the malware.
Android malware of this type can lead to significant privacy risks and should be avoided at all costs.