A new wave of Android malware in India, called GhostBat RAT, disguises itself as RTO apps like mParivahan to steal data, mine crypto, and control infected devices via Telegram bots. This sophisticated campaign uses multi-stage dropper techniques, evasion tactics, and social engineering to target users and exfiltrate sensitive information.
Key points
- GhostBat RAT is a malware campaign targeting Android devices by impersonating RTO apps in India.
- The malware uses multi-stage droppers, obfuscation, and native code to evade detection and persist on devices.
- Attackers deliver malicious APKs through WhatsApp, SMS, and compromised websites with shortened URLs.
- The malware harvests banking credentials, OTPs, and SMS messages, and manages infected devices via Telegram bots.
- Advanced techniques include environment checks, encrypted payloads, and native execution to hinder reverse engineering and antivirus detection.
Read More: https://thecyberexpress.com/ghostbat-rat/