| Feature | Description | |---------|-------------| | | When user tries to uninstall, the RAT immediately detects and presses "Cancel" or closes settings. | | Overlay attacks | Dynamic HTML overlays mimic banking apps to steal credentials. | | Accessibility abuse | Uses Accessibility Services to automate actions and bypass permissions. | | Persistence | Reinstalls itself if user revokes permissions or attempts forced stop. | | Self-hiding | Removes launcher icon; hides from recent apps list. | | Custom builder | Attackers can compile unique variants per victim (hardcoded C2, package name, features). |
Craxs Rat is notorious for its extensive suite of surveillance and manipulation tools. Its capabilities often include: Craxs Rat
Tracking every keystroke made on the device to capture login credentials and personal information. | Feature | Description | |---------|-------------| | |
: Using built-in keyloggers, it captures login credentials for various apps, including banking and cryptocurrency platforms. Distribution and Infection Methods | | Persistence | Reinstalls itself if user