Cybersecurity researchers have identified PlayPraetor, a sophisticated Android RAT infecting over 11,000 devices across multiple regions, primarily targeting Spanish and French speakers. This malware network uses fake app overlays, real-time command-and-control (C2) servers, and a multi-variant malware-as-a-service model to conduct financial fraud and sensitive data theft.
Key points
- PlayPraetor has infected more than 11,000 Android devices worldwide, with a focus on Portuguese-, Spanish-, and French-speaking users.
- The malware leverages accessibility services to gain remote control over devices and mimic login screens of banking and cryptocurrency apps.
- It operates through multiple variants, including those for phishing, fraud, remote control, and counterfeit product schemes.
- The command-and-control infrastructure is managed by a Chinese threat actor and integrates real-time command execution and video livestreaming capabilities.
- Other recent Android malware campaigns include ToxicPanda and DoubleTrouble, both evolving to enhance their fraud and data exfiltration capabilities.
Read More: https://thehackernews.com/2025/08/playpraetor-android-trojan-infects.html