Date: 2025-09-10

Overlay intrusions, cryptocurrency wallet-targeted account takeovers, NFC relay attacks, and automated money transfers have been facilitated by the newly discovered RatOn Android trojan, reports The Hacker News.

RatOn has leveraged bogus Google Play Store listing pages for an adult-friendly TikTok version to deploy a dropper app, which seeks user permission to install apps from external sources to evade detection. A second-stage payload then requests accessibility services while downloading the third-stage NFSkate malware, which enables NFC relay intrusions, according to a report from ThreatFabric.

Aside from showing overlay screens seeking payment of $200 in exchange for phone access, RatOn executes commands to compromise the MetaMask, Phantom, Blockchain.com, and Trust crypto wallet apps while enabling automatic money transfers via the Czech Republic-based bank app George Cesko. "The account takeover and automated transfer features have shown that the threat actor knows the internals of the targeted applications quite well," said ThreatFabric researchers.
Malware, Threat Intelligence
New RatOn Android trojan enables remote, automated bank fraud
