
Investigating the Mysterious Faces Behind CypherRAT and CraxsRAT Malware


Cybercrime Researchers Uncover Real Identity of CypherRAT and CraxsRAT Malware Developer


A cybersecurity company, Cyfirma, claims to have identified the real identity of the developer behind the CypherRAT and CraxsRAT malware. The individual, operating under the online handle ‘EVLF DEV,’ has been selling these remote access trojans (RATs) to various threat actors for the past eight years. It is estimated that the developer has earned over $75,000 from selling the two RATs. Cyfirma also discovered that EVLF is a malware-as-a-service (MaaS) operator.

The Threat of CraxsRAT

Described by Cyfirma as one of the most dangerous Android RATs on the market, CraxsRAT has been sold by EVLF for the past three years. Its builder produces heavily obfuscated packages whose contents the buyer can tailor to the attack being prepared. A "quick install" option generates an app that declares only a handful of permissions at install time, so that it looks unremarkable to users and to automated checks. Once the app is on the device, the operator can push requests for further permissions at runtime, and with them gain access to the device's screen, keystrokes, precise location, contacts, storage, messages, and call logs.
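The evasion described above cuts both ways for a defender: a manifest that declares very little is not reassurance when the app can request more later or pull in a second stage. The following is an added example (not code from Cyfirma, from this article, or from CraxsRAT itself) of a small manifest triage that maps declared permissions onto the capabilities the article lists and, rather than trusting a sparse manifest, flags it for a closer look when it also carries the permission needed to install further packages. The two manifests are constructed samples; the permission names are standard Android constants, but the grouping into capabilities and the verdict thresholds are this example's own choices.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = "{%s}name" % ANDROID_NS
PERMISSION = "{%s}permission" % ANDROID_NS

# Capabilities the article attributes to the RAT, mapped to the standard Android
# permissions that grant them. The grouping is this example's own choice.
CAPABILITY_PERMISSIONS = {
    "messages": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "call logs": {"android.permission.READ_CALL_LOG"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "precise location": {"android.permission.ACCESS_FINE_LOCATION"},
    "storage": {"android.permission.READ_EXTERNAL_STORAGE",
                "android.permission.MANAGE_EXTERNAL_STORAGE"},
    "audio/camera": {"android.permission.RECORD_AUDIO", "android.permission.CAMERA"},
}
# Screen and keystroke capture on Android normally ride on an accessibility
# service, declared on a <service> element rather than requested at runtime.
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"
# A sparsely permissioned first stage that later installs more code needs this.
INSTALL_PACKAGES = "android.permission.REQUEST_INSTALL_PACKAGES"


def triage_manifest(manifest_xml):
    """Summarise what a manifest declares and return a verdict string."""
    root = ET.fromstring(manifest_xml)
    declared = {e.get(NAME) for e in root.iter("uses-permission")}
    service_perms = {s.get(PERMISSION) for s in root.iter("service")}
    capabilities = sorted(cap for cap, perms in CAPABILITY_PERMISSIONS.items()
                          if declared & perms)
    result = {
        "declared_count": len(declared),
        "capabilities": capabilities,
        "accessibility_service": ACCESSIBILITY in service_perms,
        "can_install_packages": INSTALL_PACKAGES in declared,
    }
    if result["accessibility_service"] or len(capabilities) >= 3:
        result["verdict"] = "surveillance-capable"
    elif result["can_install_packages"] and len(declared) <= 3:
        # The article's point: a tiny permission set is not reassurance when
        # the app can pull in a second stage and ask for more later.
        result["verdict"] = "sparse: possible dropper, inspect further"
    else:
        result["verdict"] = "unremarkable"
    return result


# Constructed sample manifests (not real CraxsRAT output).
SPARSE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sparse">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application android:label="Update"/>
</manifest>
"""

FULL_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.full">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application android:label="Viewer">
    <service android:name=".Helper"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>
"""

BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.benign">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <application android:label="Scanner"/>
</manifest>
"""

if __name__ == "__main__":
    for label, xml in (("sparse", SPARSE_MANIFEST), ("full", FULL_MANIFEST),
                       ("benign", BENIGN_MANIFEST)):
        print(label, triage_manifest(xml))
```

The sparse sample is the one that matters here: by permission count alone it looks cleaner than the benign camera app, which is exactly why the script reports it for further inspection instead of clearing it. On a real device the manifest is the static half of the picture; the runtime half is watching which permissions the app asks for after installation, as the article describes.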

Unearthing the Developer’s Identity

Cyfirma's investigation into EVLF's activities led to a Telegram channel with over 10,000 subscribers and to a cryptocurrency wallet whose transaction history showed the developer's earnings from selling the RATs over the past three years. Cyfirma asked the wallet provider to freeze EVLF's assets until an identity verification could be performed. While the funds were still frozen, EVLF unwittingly helped Cyfirma further by starting a thread on a cryptocurrency discussion forum. From that thread Cyfirma obtained additional information, including the individual's real name, several usernames, an IP address, and an email address.

An Individual from Syria

Based on their investigation, Cyfirma confidently states that EVLF is being operated by a man from Syria. The evidence gathered strongly points to EVLF’s involvement in the development and sale of the CypherRAT and CraxsRAT malware. However, it is important to note that attribution in the realm of cybercrime can be challenging, and further collaboration with law enforcement and intelligence agencies may be necessary to validate this conclusion.

Philosophical Discussion: Cybercrime and Accountability

This recent revelation offers an opportunity to reflect on the question of accountability in cyberspace. The anonymity and global reach of the internet provide fertile ground for cybercriminals to operate, making it challenging to hold them responsible for their actions. The case of EVLF underscores the importance of collaboration between cybersecurity companies, law enforcement, and intelligence agencies to unmask and bring cybercriminals to justice. Such cooperation is crucial to deter and disrupt the activities of these malicious actors.

Editorial: Strengthening International Cooperation

As cyber threats continue to evolve and become increasingly sophisticated, it is imperative for countries around the world to strengthen their cooperation in combating cybercrime. This includes sharing intelligence, collaborating on investigations, and harmonizing legislation so that cybercriminals can be prosecuted effectively. Identifying the person behind CypherRAT and CraxsRAT is a significant step, but it also highlights the need for sustained international effort to dismantle cybercriminal operations rather than merely expose them.

Advice for Individuals and Organizations

Individuals

As individuals, it is essential to prioritize our own cybersecurity. Here are a few steps to take:

– Keep software and devices up to date with the latest security patches

– Use strong, unique passwords for online accounts and enable two-factor authentication when available

– Be cautious of downloading apps or software from unknown sources, and review the permissions an app requests, both at install time and when it asks for more later

– Regularly back up important data to protect against ransomware attacks

– Be vigilant about phishing attempts and avoid clicking on suspicious links or downloading attachments from unfamiliar sources

Organizations

Organizations must also prioritize cybersecurity to protect sensitive data and systems. Here are some best practices:

– Implement robust cybersecurity measures, including firewalls, intrusion detection systems, and antivirus software

– Conduct regular security audits and penetration testing to identify vulnerabilities

– Educate employees about cybersecurity best practices and the risks associated with phishing, social engineering, and other attack vectors

– Develop an incident response plan to effectively respond to and mitigate cyber incidents

– Collaborate with cybersecurity companies, law enforcement agencies, and industry peers to share threat intelligence and stay updated on emerging threats

By following these recommendations and staying informed about cybersecurity best practices, individuals and organizations can play their part in maintaining a safer digital environment for all.
