This report analyzes the package, a variant of the potent CypherRat (also known as SpyNote.C) Remote Access Trojan (RAT). Originally developed by the threat actor EVLF DEV , this malware transitioned from a paid "Malware-as-a-Service" model to an open-source tool on GitHub , leading to a significant increase in global infections. Malware Profile
Attackers can remotely control the victim's camera, microphone, and GPS location .
Specifically designed to bypass security by lifting passwords from social media apps like Facebook and Gmail. CypherRatV3.5-NEW.zip
Targets banking applications to steal credentials through keylogging and screen capturing via the MediaProjection API .
Android Remote Access Trojan (RAT) / Banking Trojan. This report analyzes the package, a variant of
Abuses Accessibility Services to extract two-factor authentication (2FA) codes from apps like Google Authenticator . Evasion and Persistence Android Malware Targets Financial Institutions | ERGOS
Android (Primary target), though Windows-based control builders exist. Author: Syrian threat actor known as EVLF DEV . This report analyzes the package
CypherRat V3.5 and its variants are designed for comprehensive device surveillance and financial theft: