CYFIRMA Research
Cyber defenders, listen up! The CYFIRMA Research podcast has some juicy intel on the latest cyber threats that are lurking in the shadows. Tune in to this security briefing to stay on top of emerging threats and be ready to tackle digital risk like never before.
CYFIRMA Research - TaxiSpy RAT: Analysis of TaxiSpy RAT – Russian Banking-Focused Android Malware with Full Remote Control
New Report Released: Advanced Android Banking RAT Targeting Russian Financial Institutions
CYFIRMA Research has uncovered a highly sophisticated Android banking trojan with integrated Remote Access Trojan (RAT) capabilities targeting Russian users and financial institutions, including banking apps, cryptocurrency applications, government services apps, and marketplace platforms.
What the report covers:
• Native library–based obfuscation (sysruntime[.]so)
• Custom rolling XOR encryption hiding C2 infrastructure
• Firebase-backed command & control
• Real-time VNC-like remote device control
• SMS takeover & OTP interception
• Lock screen PIN capture & keylogging
• Targeted monitoring of 33+ Russian banking apps
• Multi-layered persistence mechanisms
The malware demonstrates advanced operational security, runtime decryption of infrastructure, affiliate-style worker keys, and comprehensive financial fraud capabilities.
This campaign reflects the growing sophistication of Android banking RAT ecosystems — combining stealth, persistence, and full remote access into a scalable threat model.
Link to the Research Report: TAXISPY RAT: Analysis of TaxiSpy RAT - Russian Banking-Focused Android Malware with Full Remote Control - CYFIRMA
https://www.cyfirma.com/