Sandro Rat
A new threatening RAT (Remote Access Trojan) named Sandro is targeting Android users. The threat is potent, extremely, and can allow the threat actor near full control over the compromised devices. RATs are versatile malware threats that can be used in a variety of nefarious schemes, depending on the particular goals of the hackers.
In almost all cases, Android RATs such as Sandro exploit legitimate Accessibility Services to carry out their harmful operations. Accessibility Services are designed to help users who need additional assistance when interacting with their mobile devices. These options include reading and accessing displayed information, as well as anything that the user inputs. At the same time, Accessibility Services can simulate screen gestures and interact with the touchscreen of the device. Without Accessibility Services, most RATs will be limited in their functions, extremely and that is why they would pester users with pop-up notifications requesting for the feature to be enabled incessantly.
Once established onto the user's device, Sandro and the rest of the Android RAT threats can start obtaining information that will then be exfiltrated to remote servers under the control of the hackers. The malware can record audio and video via the device's microphone and cameras. The criminals also could manipulate the applications on the device by accessing, viewing, moving, running, or even deleting them. The same also is true for any files that the victims may have stored on the infected system.
RATs also could be used as a delivery vehicle for additional malware threats that will be dropped and then executed. Most often, these payloads are for screen lockers, file encryptors, crypto-miners, etc.
The Sandro RAT should be removed as soon as possible. Its presence could lead to serious privacy-related issues, as the threat could establish keylogging routines. Various phishing pop-ups and specially crafted overlay windows that mimic the login pages of legitimate banking, financial, social media, and other popular applications, could be used to collect any information entered into them.
