SURXRAT V5: New Android RAT operates as malware-as-a-service with AI experiments

SURXRAT, a sophisticated Android remote access trojan (RAT), has emerged as a commercially structured malware operation, as revealed by Cyble Research and Intelligence Labs (CRIL). Distributed as SURXRAT V5, this malware utilizes a Telegram-based malware-as-a-service (MaaS) model, allowing affiliates to create custom builds while the core operator maintains centralized control, according to a recent report by The Cyber Express.

SURXRAT is sold through a Telegram channel, with two licensing tiers: a Reseller Plan for a one-time payment of $200,000 and a Partner Plan for $500,000. Both plans offer permanent access with varying daily build limits and server upgrade privileges. The malware, believed to have evolved from ArsinkRAT, exhibits advanced capabilities including the conditional download of a large, 23GB LLM module from Hugging Face. This LLM download is triggered by specific gaming applications or attacker commands, potentially for disrupting gameplay, concealing malicious activity, or enabling AI-assisted social engineering.

SURXRAT functions as a surveillance and remote control platform, collecting extensive data such as SMS messages, call logs, Gmail data, and browser history. It can also record audio, capture camera images, send SMS messages, and initiate phone calls. A ransomware-style screen locker feature allows for direct extortion. The MaaS model lowers the barrier to entry for cybercriminals, while the integration of large language models suggests a future trend towards more adaptive and evasive Android threats.

Source: The Cyber Express
