Cypherratv3.5-new.zip File

Source code is publicly available, enabling widespread customization by various criminal groups. Key Capabilities

Targets banking applications to steal credentials through keylogging and screen capturing via the MediaProjection API .

Android (Primary target), though Windows-based control builders exist. Author: Syrian threat actor known as EVLF DEV . CypherRatV3.5-NEW.zip

Specifically designed to bypass security by lifting passwords from social media apps like Facebook and Gmail.

Abuses Accessibility Services to extract two-factor authentication (2FA) codes from apps like Google Authenticator . Evasion and Persistence Android Malware Targets Financial Institutions | ERGOS Author: Syrian threat actor known as EVLF DEV

This report analyzes the package, a variant of the potent CypherRat (also known as SpyNote.C) Remote Access Trojan (RAT). Originally developed by the threat actor EVLF DEV , this malware transitioned from a paid "Malware-as-a-Service" model to an open-source tool on GitHub , leading to a significant increase in global infections. Malware Profile

Attackers can remotely control the victim's camera, microphone, and GPS location . and GPS location .

CypherRat V3.5 and its variants are designed for comprehensive device surveillance and financial theft: