Android Remote Access Trojan (RAT) with Ransomware Implications and Stealing Wi-Fi Passwords

On April 5th, ThreatMon Intelligence reported a new threat to Android devices: a Remote Access Trojan (RAT) known as Oxycorat.[1]

Oxycorat functionality and features

ThreatMon screenshot showing Oxycorat Features list

This malicious software is specifically designed to infiltrate Android devices. According to a GBHackers report, the new trojan has now been made available for sale on the Dark Web, where cybercriminals looking for a comprehensive toolkit to carry out various nefarious activities can buy it.

The RAT includes several features:

  • Oxycorat can act as ransomware, locking users out of their devices and demanding payment for access restoration.

  • A file manager will allow file browsing on the device.

  • An SMS manager to allow access to text messaging.

  • A wallet stealer, which could give attackers access to sensitive financial information.

  • It can manage WhatsApp messages, potentially exposing private conversations.

  • It can also steal Wi-Fi passwords, leading to unauthorized access to private networks, further compromising personal data, and spreading the infection to other devices connected to the same network.

Users should remain vigilant. Avoid downloading apps from untrusted sources and update your devices with the latest security patches.

To safeguard against threats like Oxycorat, users should:

  • Install an antivirus and anti-malware application on their devices.

  • Keep their phone’s operating system and apps updated with the latest versions.

  • Be cautious when granting app permissions, especially those that seem unnecessary for the app’s function.

  • Avoid clicking on suspicious links or downloading attachments from unknown sources.

  • Use strong, unique passwords for their Wi-Fi networks and change them periodically.


Trusted Internet offers a best-in-breed managed and monitored antivirus for Android and iOS devices. If you do not have a mobile antivirus or aren’t sure if you do, please get in touch with your Virtual CISO™ or our Executive Cyber Support team for an evaluation and/or installation of antivirus on your phones/pads. Our Executive Cyber Support Center may be reached at support@trustedinternet.io.




[1] https://twitter.com/MonThreat/status/1776162733072760977
