GhostBat RAT: Android Malware Targets RTO Apps for Data Theft

Cyber Security News by CyberSum.net

Published on October 15, 2025 at 09:00 PM

5 sources

A new Android malware campaign, GhostBat RAT, is spreading through social engineering tactics, disguising itself as legitimate Regional Transport Office (RTO) applications. The malware, which has been tracked since July 2024, uses Telegram bots to register infected devices and employs multi-stage droppers to evade detection. It steals financial data, mines cryptocurrency, and exfiltrates SMS messages, with over 40 unique samples discovered by September 2025. The malware requests extensive permissions, initiates phishing flows, and performs background surveillance of SMS content, targeting banking-related keywords.

Also Read

Winos 4.0 Malware Expands Reach with HoldingHands RAT

The threat actors behind Winos 4.0 malware have expanded their targeting to include new regions, using phishing emails with malicious PDFs to deliver HoldingHands RAT. This campaign, linked to an aggressive cybercrime group, employs SEO poisoning and fake websites to spread the malware. Recent attacks have utilized taxation-themed documents and fake landing pages to deceive recipients into downloading the RAT, which can capture sensitive information and run arbitrary commands.

By Cyber Security News by CyberSum.netOctober 18, 2025 at 03:00 PM