This report analyzes the package, a variant of the potent CypherRat (also known as SpyNote.C) Remote Access Trojan (RAT). Originally developed by the threat actor EVLF DEV, this malware transitioned from a paid "Malware-as-a-Service" model to an open-source tool on GitHub, leading to a significant increase in global infections.

Malware Profile
Android Remote Access Trojan (RAT) / Banking Trojan.
Android (Primary target), though Windows-based control builders exist.
Author: Syrian threat actor known as EVLF DEV.
Source code is publicly available, enabling widespread customization by various criminal groups.

Key Capabilities
CypherRat V3.5 and its variants are designed for comprehensive device surveillance and financial theft:
Attackers can remotely control the victim's camera, microphone, and GPS location.
Abuses Accessibility Services to extract two-factor authentication (2FA) codes from apps like Google Authenticator.
Targets banking applications to steal credentials through keylogging and screen capturing via the MediaProjection API.