430/68 Wednesday, October 29, 2025
Researchers from iVerify have uncovered a new Android malware named HyperRat, a Remote Access Trojan (RAT) being promoted on cybercrime forums under a Malware-as-a-Service (MaaS) model. By simply subscribing and paying for access, attackers receive a custom-built APK along with credentials to a web control panel, enabling them to immediately control infected devices. Capabilities include data theft, screen control via VNC, sending SMS/MMS, retrieving call logs, and executing remote commands – all without requiring technical expertise.
HyperRat also comes equipped with advanced functions, such as scanning installed apps to deploy phishing overlays for stealing banking credentials, mass SMS phishing campaigns from the victim’s device to evade telecom detection, and integration with Telegram bots for stealthy command-and-control. It further offers an APK Builder allowing attackers to craft fake apps with custom names, icons, and optional features like SOCKS5 proxy or WebView mode.
Researchers warn that the rise of MaaS platforms such as HyperRat, PhantomOS, and Nebula is lowering the barrier to entry, enabling even inexperienced threat actors to launch espionage or data theft operations. Users are strongly advised to avoid installing APKs from untrusted sources, regularly review app permissions, and be cautious of applications requesting excessive system privileges to prevent falling victim to increasingly sophisticated mobile threats.
Source https://hackread.com/hyperrat-android-malware-sold-spy-tool/
