By Guido Ronchetti, CTO – XTN Cognitive Security

Two years ago, we described an increasing presence of Remote Access Trojans, aka RAT malware targeting mobile devices and specifically Android users. Let’s update how things are going.

Mobile RAT has become the prominent character of modern malware threats targeting financial institutions. Most financially focused mobile malware families are converging towards the RAT paradigm, adopting remote access and control capabilities.


Here are 3 main reasons mobile malware families are converging towards the RAT paradigm:
Availability. RAT toolkits are readily available in the darknet or even on Github, requiring minimal technical skills and providing full client and server components.
Approach. The RAT approach is very flexible, and it is convenient to move from a target to another quickly and differentiate the kind of information the fraudster is collecting. Some of those RATs can target banks and e-commerce services simultaneously, grabbing any information that could be valuable for the fraudster.
Phishing. This kind of malware can effectively support phishing o smishing campaigns that lead to remote access scams.


Over the years, those RATs are mutating their form, becoming much more challenging to detect. It’s interesting to mention that more and more those are distributed via Google Play Store, relying on legitimate apps that suddenly, once gained an attractive user base, updates including malware capabilities. Furthermore, those apps require fewer and fewer permissions to the user, making it more difficult for the victim to recognize suspect apps. On the other end, we observe more creative ways of hiding the exfiltrated data, relying on popular services such as Firebase, Telegram, or Whatsapp to report data to the fraudster.

The pandemic has even incremented malware campaign activities. We have witnessed RAT malware families such as OSCORP, Alien, or EventBot heavily targeting European and US financial institutions in the last few months.


At XTN Cognitive Security®, we believe that detecting and blocking malware activity before it becomes an actual fraud is crucial. Our Cognitive Security Platform® can spot malware activity by analyzing the user’s behavior and the apps installed in the device in real-time.

Read more about RAT:

Mobile Remote Access Trojan (aka RAT)

RAT in the wild!

How to defend your endpoints from RAT!

XTN Cognitive Security Platform® lets you secure your high-value online services against Mobile RAT. Get started!

First Name *

Last Name *

Company *

Job Title *

Work Email *

Interested in *

Country *

How did you hear about us *

Your Message *

* I authorize the treatment of my personal data (Read our Privacy Policy).