The MobiHok RAT is a Remote Access Trojan that can help an attacker take over your system for collecting information or other purposes. This Android-specific threat is for hire to third parties on Web forums in multiple languages, which complicates predicting the infection strategies it might use. Keep your anti-malware products updated so that they can uninstall the MobiHok RAT or block an installation most effectively.
Recycling Code for 'New' Trojan Attacks
A criminal operating under the name of Mobeebom is passing off a variant of a former Trojan as his original work. The MobiHok RAT or MobeRAT is a barely-altered update of the SpyNote RAT, whose source code became available on dark Web forums back in 2016. Both Remote Access Trojans provide backdoor-related features and compromise Android devices, such as tablets and smartphones.
Since the MobiHok RAT is for sale to third parties, it may circulate through any of countless infection strategies, including RDP-related hacks, e-mail spam, torrents, or social messages with phishing content. Although Mobeebom prefers Arabic-speaking forums for the majority of his promotional posts, malware analysts can verify that he is seeking clients in other languages, too, such as English. There are multiple builds of this Trojan, but version four, or V4, is the first that's verifiably for sale.
The MobiHok RAT wields features that are conventional for Remote Access Trojans and emphasize passing control of the device off to the remote threat actor. As such, infections can manage applications, contacts, general phone settings, and the camera, and perform file operations, such as moving, opening, or deleting files. Malware analysts also are pointing out the MobiHok RAT's built-in capacity for collecting typed information through a keylogger.
Keeping Four-Year-Old Software from Harming Your Phone
Whether it's using the name of the MobiHok RAT, or the old one of the SpyNote RAT, this Trojan acts as an ill-minded administrator over most of your device's functions. It also explicitly bypasses security features related to Samsung hardware and Google Play, and users shouldn't depend on safety protocols for preventing infections. The MobiHok RAT also provides a terminal, or text-based window, for issuing commands and requires little software knowledge for acts such as turning off security settings, changing files, or installing other programs.
One of the most high-priced options in the MobiHok RAT's marketing promotes a wholesale purchase of its source code. Programmers could, after acquiring it, further modify the MobiHok RAT to fit their needs, and these variants may possess attacks or characteristics not listed here. Users should avoid possible infection sources, such as illicit downloads, pop-up-based update requests, or obfuscated links, whenever possible.
Anti-malware products that are capable of identifying this Trojan's predecessor should, just as expediently, uninstall the MobiHok RAT or block any installation exploits automatically. Symptoms of backdoor activities from Remote Access Trojans are rarely observable without in-depth tools, such as network monitors.
The MobiHok RAT isn't the only time that a criminal has taken leftover Trojans and reheated them into a supposedly new business. Since Mobeebom is aiming to make his Remote Access Trojan one of the most prominent in the Android market, users will have to wait and see if four-year-old code can stand up to 2019's mobile security.