A new Android RAT has been spotted by iVerify. RAT, in case you’re not familiar, stands for a Remote Access Tool. The source claims that it is being sold on cybercrime forums as we speak.

iVerify notes that even inexperienced attackers can now launch mobile malware campaigns at this point, as “Android malware as a service market has matured.” Attackers pay a subscription fee and then receive a malicious APK, which is usually ready to deploy.

HyperRAT is a rather advanced malware up to no good

Thanks to that subscription fee, the seller handles the servers and everything else. HyperRAT is the latest RAT that was spotted by iVerify. It is a Russian-language Android remote access trojan.

HyperRAT has a web-based command and control panel. Operators can fetch logs, send notifications, dispatch an SMS from the infected user’s SIM, download archived messages, inspect the call log, view or modify granted permissions, browse installed applications, and even establish a VNC session.

iVerify also notes that the presence of a mass-messaging button signals that this malware is made for more than just spying. It can also facilitate downstream spam or phishing campaigns from compromised phones .

HyperRAT can read and write call logs, place calls, send SMS, and much more

The web UI can show which Android permissions have been granted. HyperRAT can inform operators whether it can read or write call logs, place calls, send SMS or MMS, access the internet , and run foreground services.

In this particular case, internet access and auto-restart after reboot are enabled. Call logs and SMS functionality are, however, disabled. This list does show how granular the malware’s control is.

HyperRAT can also show a table of installed applications on the infected user’s phone. This gives the operator of the malware more options, as it can target a specific app, for example, a banking one.

Bulk SMS campaigns and Telegram integration are not out of the question

We’re only scratching the surface here. There are various other options that this RAT can provide. Those options range from bulk SMS campaigns and Telegram integration to building a customized trojan. Use cases are, unfortunately, vast.