- Sophos researchers found a new PJobRAT variant
- The Android RAT now targets Taiwanese users
- The RAT can execute shell commands and exfiltrate data
PJobRAT, an Android remote access trojan (RAT) first documented roughly six years ago, has quietly returned and is targeting users with some potentially more dangerous capabilities.
Researchers from the Sophos X-Ops security team discovered new samples in the wild. They note that the 2019 version of PJobRAT could steal SMS messages, phone contacts, device and app information, documents, and media files from infected Android devices.
The new variant can also execute shell commands. “This greatly increases the malware's capabilities, allowing the threat actor to have much greater control over victims' mobile devices,” Sophos explains. “It can allow them to steal data, including WhatsApp data, from any app on the device, root the device itself, use the victim's device to target and penetrate other systems on the network, and even silently remove the malware once its objectives have been completed.”
Campaign now inactive
The 2019 variant mainly targeted Indian military personnel by posing as various dating and instant-messaging apps.
The new variant appears to have dropped the dating angle and focuses solely on masquerading as an instant-messaging app.
In fact, Sophos says the apps actually work, and that victims who knew each other's user IDs could even message one another.
As for the victims, the attackers are no longer going after Indian users and have instead switched to Taiwanese ones.
Some of the apps found in the wild are named ‘SangaalLite’ (possibly a typo of ‘SignalLite’, an app used in the 2021 campaigns) and CChat (impersonating a legitimate app of the same name).
The apps were distributed through WordPress sites, Sophos said, which suggests they were never available in the mainstream app stores. The sites have since gone offline, meaning the campaign has probably ended, but the researchers reported them to WordPress anyway.
“This campaign therefore ran for at least 22 months, and possibly for as long as two and a half years,” Sophos said. However, it does not appear to have been a large or successful campaign, since the general public was not the target.