AIVARAT Mobile Malware

Cybersecurity researchers have uncovered a mobile malware threat that is equipped with an expansive set of advanced, threatening features. Tracked as AVIARAT, the threat falls into the RAT (Remote Access Trojan) category. It is designed specifically to infect Android devices and provide control over them to its cybercriminal operators. Analysis of the malware has revealed that it can be used to extract various information from breached devices. The hackers can receive system data, read Internal Storage files, collect media of all types from the user's device, get a list of all installed applications, etc. The threat can escalate its privileges to admin permissions, allowing the hackers to execute arbitrary shell commands.

Unfortunately for its victims, AIVARAT's actions do not stop there. The hackers can utilize the threat to manage the victim's contact information, read and send SMS, retrieve notifications or show false ones promoting dubious items, establish keylogging routines, and display phishing screens that imitate the login screens of the original applications. To ensure its continued presence on the infected device, AIVARAT triggers several persistence mechanisms that will start the threat on every system restart or whatever a notification is received.

Cybersecurity experts also have seen a more advanced version of the threat that also can be used as ransomware and screen lockers, potentially causing permanent damage to the breached device. The more sophisticated version also is capable of hiding its activities better. It also can delete files chosen by the cybercriminals, obtain SIM card data, and take photos via the device's camera.