A new Android malware family called RatOn has evolved into a highly sophisticated threat, capable of NFC relay attacks, automated money transfers, and device fraud. It primarily targets financial apps and cryptocurrency wallets, with active development and deployment noted in the Czech Republic and Slovakia. #RatOn #NFSkate
Key points
- RatOn has transformed from a basic NFC relay tool into a powerful remote access Trojan with automated transfer system (ATS) capabilities.
- The malware uses fake Play Store listings to deliver dropper apps that activate its malicious functions.
- It targets financial and cryptocurrency apps, including MetaMask, Trust Wallet, and Blockchain.com, for account takeover and cryptocurrency theft.
- RatOn can lock devices, display ransomware-style notes, and exfiltrate sensitive data such as seed phrases.
- The threat group appears to focus on Czech and Slovak users, possibly collaborating with local money mules for automated transfers.
Read More: https://thehackernews.com/2025/09/raton-android-malware-detected-with-nfc.html