Reddit NetSec

CVE Database V5

AlienVault OTX General

Reddit InfoSec News

Exploit-DB RSS Feed

CIRCL OSINT Feed

ThreatFox MISP Feed

AlienVault OTX Vulnerabilities

AlienVault OTX Malware

A new Android banking trojan named RatOn has emerged, combining NFC relay attacks with remote access and automated transfer capabilities. Discovered by analysts monitoring the NFSkate threat group, RatOn targets cryptocurrency wallets and banking applications, particularly in the Czech Republic and Slovakia. The malware is distributed through adult-themed websites and employs a multi-stage infection process. RatOn features overlay attacks, automated money transfers, and cryptocurrency wallet takeovers. It demonstrates sophisticated capabilities, including screen casting, PIN interception, and extensive bot commands. The trojan's evolution from a basic NFC relay tool to a complex RAT with ATS functionality makes it a significant threat in the mobile malware landscape.

RatOn is a newly identified Android banking trojan that represents a significant evolution in mobile malware capabilities. Initially emerging as a tool focused on NFC relay attacks, RatOn has developed into a sophisticated Remote Access Trojan (RAT) with Automated Transfer System (ATS) functionalities. The malware is primarily distributed through adult-themed websites, employing a multi-stage infection process to evade detection and maximize infection success. Once installed, RatOn targets cryptocurrency wallets and banking applications, with a particular focus on users in the Czech Republic and Slovakia. Its capabilities include overlay attacks that deceive users by displaying fake login screens, automated money transfers that facilitate stealthy theft without user intervention, and cryptocurrency wallet takeovers. Additionally, RatOn can intercept PIN codes, perform screen casting to monitor user activity in real-time, and execute a wide range of bot commands, allowing attackers extensive control over infected devices. The malware’s evolution from a simple NFC relay tool to a complex RAT with ATS features highlights its adaptability and the increasing sophistication of mobile banking threats. The involvement of the NFSkate threat group, known for targeting financial assets, underscores the targeted and strategic nature of this campaign. Although no known exploits in the wild have been reported beyond the infection vector, the threat posed by RatOn is considerable due to its multi-faceted attack techniques and focus on high-value financial targets.

Detailed information about The Rise of RatOn: From NFC heists to remote control and ATS. Get real-time updates, technical details, and mitigation strategies.

Title	Severity	Type	Source	Date

Threats Tagged 'overlay attacks'

Filter Threats

Threats Tagged 'overlay attacks'

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility