RomCom RAT
Alias: RAT Romcom

The RomCom RAT is a malicious software program used by a threat actor to remotely control compromised systems, often by impersonating well-known brands and deploying fake versions of legitimate software through phishing campaigns.

Domains Source Last Update
aaa.stage.16549040.dns.alleivice.com SOCRadar 2023-01-31
teoresp.com SOCRadar 2023-01-31
advanced-ip-scaner.com SOCRadar 2023-01-31
tinheranter.com SOCRadar 2023-01-31
optasko.com SOCRadar 2023-01-31
cuba4ikm4jakjgmkeztyawtdgr2xymvy6nvgw5cglswg3si76icnqd.onion SOCRadar 2023-01-31
witorophron.com SOCRadar 2023-01-31
combinedresidency.org SOCRadar 2023-01-31
leftthenhispar.ru SOCRadar 2023-01-31
nastylgilast.com SOCRadar 2023-01-31
thehentoftbet.ru SOCRadar 2023-01-31
toftoflethens.com SOCRadar 2023-01-31
notfiled.com SOCRadar 2023-01-31
tycahatit.ru SOCRadar 2023-01-31
kurvalarva.com SOCRadar 2023-01-31
otinrofha.ru SOCRadar 2023-01-31
babbedidndu.ru SOCRadar 2023-01-31
you-supported.com SOCRadar 2023-01-31
johntotrepwron.com SOCRadar 2023-01-31
reninparwil.com SOCRadar 2023-01-31
vu42i55fqimjx6koo7oqh3zzvy2xghqe7ot4h2ftcv2pimbauupjyqyd.onion SOCRadar 2023-01-31
nagirlstylast.com SOCRadar 2023-01-31
fabickng.ru SOCRadar 2023-01-31
advanced-ip-scanners.com SOCRadar 2023-01-31
torsketronand.ru SOCRadar 2023-01-31
tandugolastsp.com SOCRadar 2023-01-31
ningwitjohnno.ru SOCRadar 2023-01-31
dgtlocean.com SOCRadar 2023-01-31
4qzm.com SOCRadar 2023-01-31
facabeand.com SOCRadar 2023-01-31
Hashes Source Last Update
(The digests below are unlabelled; the type follows from the length: 32 hex characters = MD5, 40 = SHA-1, 64 = SHA-256.)
4de5d433af5701462517719ce097bb4c0e5676c9 SOCRadar 2023-01-31
eaced2fcfdcbf3dca4dd77333aaab055345f3ab4 SOCRadar 2023-01-31
550f42c5b555893d171285dc8b15b4b5 SOCRadar 2023-01-31
3e3a7116eeadf99963077dc87680952cca87ff4fe60a552041a2def6b45cbeea SOCRadar 2023-01-31
4c32ef0836a0af7025e97c6253054bca SOCRadar 2023-01-31
05681ff7cae6b28f5714628a269caa5115da49c94737ce82ec09b4312e40fd26 SOCRadar 2023-01-31
ac09cbfee4cf89d7b7a755c387e473249684f18aa699eb651d119d19e25bff34 SOCRadar 2023-01-31
3e6f9e73ca7bf856c3f5aeb44dc793ec4927b842 SOCRadar 2023-01-31
cf6ec2999b5d67df89a5350dfcff611d SOCRadar 2023-01-31
de239ac43508c4fd4c9069a9b6a4a3f8 SOCRadar 2023-01-31
1b943afac4f476d523310b8e3afe7bca761b8cbaa9ea2b9f01237ca4652fc834 SOCRadar 2023-01-31
b5d202456ac2ce7d1285b9c0e2e5b7ddc03da1cbca51b5da98d9ad72e7f773b8 SOCRadar 2023-01-31
e80d80521238008bf6f429e072eaf6030c06e2d3123d03ea9b36f5a232a1ec90 SOCRadar 2023-01-31
d907be57b5ef2af8a8b45d5f87aa4773 SOCRadar 2023-01-31
f8144fa96c036a8204c7bc285e295f9cd2d1deb0379e39ee8a8414531104dc4a SOCRadar 2023-01-31
13ab5762ff5023163b1ca7c7749112b3673cd3db SOCRadar 2023-01-31
a1649dec72c316587b10d92993aee1ec SOCRadar 2023-01-31
a304497ff076348e098310f530779002a326c264 SOCRadar 2023-01-31
f538b035c3de87f9f8294bec272c1182f90832a4e86db1e47cbb1ab26c9f3a0b SOCRadar 2023-01-31
d1a84706767bfb802632a262912e95a8 SOCRadar 2023-01-31
10a5612044599128981cb41d71d7390c15e7a2a0c2848ad751c3da1cbec510a2 SOCRadar 2023-01-31
0afed8d1b7c36008de188c20d7f0e2283251a174261547aab7fb56e31d767666 SOCRadar 2023-01-31
d0bbbc1866062f9a772776be6b7ef135d6c5e002 SOCRadar 2023-01-31
5f187393acdeb67e76126353c74b6080d3e6ccf28ae580658c670d8b6e4aacc1 SOCRadar 2023-01-31
02a733920c7e69469164316e3e96850d55fca9f5f9d19a241fad906466ec8ae8 SOCRadar 2023-01-31
3a8b7c1fe9bd9451c0a51e4122605efc98e7e4e13ed117139a13e4749e211ed0 SOCRadar 2023-01-31
2f93bf6feb96aa13973cb923abcf402d3d829cb6 SOCRadar 2023-01-31
04972228302e569da856e4fa45f679ed SOCRadar 2023-01-31
9959e90d255c0221e9754db53e321ab4c7434488 SOCRadar 2023-01-31
1817cc163482eb21308adbd43fb6be57fcb5ff11fd74b344469190bb48d8163b SOCRadar 2023-01-31
f31620e7e22a30f408e5d683922f5029 SOCRadar 2023-01-31
1a21a1e626fd342e794bcc3b06981d2c SOCRadar 2023-01-31
9aa1f37517458d635eae4f9b43cb4770880ea0ee171e7e4ad155bbdee0cbe732 SOCRadar 2023-01-31
596eaef93bdcd00a3aedaf6ad6d46db4429eeba61219b7e01b1781ebbf6e321b SOCRadar 2023-01-31
3d4502066a338e19df58aa4936c37427feecce9ab8d43abff4a7367643ae39ce SOCRadar 2023-01-31
7e00bfb622072f53733074795ab581cf6d1a8b4fc269a50919dda6350209913c SOCRadar 2023-01-31
db3b1f224aec1a7c58946d819d729d0903751d1867113aae5cca87e38c653cf4 SOCRadar 2023-01-31
e0d89c88378dcb1b6c9ce2d2820f8d773613402998b8dcdb024858010dec72ed SOCRadar 2023-01-31
ee2f71faced3f5b5b202c7576f0f52b9 SOCRadar 2023-01-31
cb933f1c913144a8ca6cfcfd913d6d28 SOCRadar 2023-01-31
61971d3cbf88d6658e5209de443e212100afc8f033057d9a4e79000f6f0f7cc4 SOCRadar 2023-01-31
4e4eca58b896bdb6db260f21edc7760a SOCRadar 2023-01-31
542d144a73322a30ceabb002851515a80611bf6c SOCRadar 2023-01-31
99c7cad7032ec5add3a21582a64bb149 SOCRadar 2023-01-31
5f5c18e98e5c8a5a50a1e122221f61dd SOCRadar 2023-01-31
67fe9e515686c2d8cf7eeab0c37a04426599352c SOCRadar 2023-01-31
9f61259c966f34d89b70af92b430ae40dd5f1314ee6640d16e0b7b0f4f385738 SOCRadar 2023-01-31
33fe4c6f5e7803bc0b9d977abd8b816712cbf300 SOCRadar 2023-01-31
0f385cc69a93abeaf84994e7887cb173e889d309a515b55b2205805bdfe468a3 SOCRadar 2023-01-31
a2511c5c2839bfbdf9c0f84f415d5eae168456e5d3f77f1becdbcd69fba4daa4 SOCRadar 2023-01-31
d5dab3f20d47bf4ca4910949015844d660e99ca9 SOCRadar 2023-01-31
141b2190f51397dbd0dfde0e3904b264c91b6f81febc823ff0c33da980b69944 SOCRadar 2023-01-31
952b34f6370294c5a0bb122febfaa80612fef1f32eddd48a3d0556c4286b7474 SOCRadar 2023-01-31
d1ff26ea3d2d2ced4b7e76d971a60533817048d7 SOCRadar 2023-01-31
1807549af1c8fdc5b04c564f4026e41790c554f339514d326f8b55cb7b9b4f79 SOCRadar 2023-01-31
08eb4366fc0722696edb03981f00778701266a2e57c40cd2e9d765bf8b0a34d0 SOCRadar 2023-01-31
a7c207b9b83648f69d6387780b1168e2f1eabd23ae6e162dd700ae8112f8b96c SOCRadar 2023-01-31
6310a2063687800559ae9d65cff21b0a SOCRadar 2023-01-31
01242b35b6def71e42cc985e97d618e2fabd616b16d23f7081d575364d09ca74 SOCRadar 2023-01-31
2eb3ef8a7a2c498e87f3820510752043b20cbe35b0cbd9af3f69e8b8fe482676 SOCRadar 2023-01-31
f5db51115fa0c910262828d0943171d640b4748e51c9a140d06ea81ae6ea1710 SOCRadar 2023-01-31
7b6f996cc1ad4b5e131e7bf9b1c33253 SOCRadar 2023-01-31
23cea76078dd3829bd2b7e00f2bfe2ad SOCRadar 2023-01-31
7c003b4f8b3c0ab0c3f8cb933e93d301 SOCRadar 2023-01-31
c9d3b29e0b7662dafc6a1839ad54a6fb SOCRadar 2023-01-31
8e64bacaf40110547b334eadcb0792bdc891d7ae298fbfff1367125797b6036b SOCRadar 2023-01-31
b9afe016dbdba389000b01ce7645e7eea1b0a50827cded1cbaa48fbc715197bb SOCRadar 2023-01-31
0c2ffed470e954d2bf22807ba52c1ffd1ecce15779c0afdf15c292e3444cf674 SOCRadar 2023-01-31
ab1ed31825763c481f54bd8a94d73777 SOCRadar 2023-01-31
1f842f84750048bb44843c277edeaa8469697e97c4dbf8dc571ec552266bec9f SOCRadar 2023-01-31
86ed4544eeca78dc64881a916fe1e1f73dc17f7b SOCRadar 2023-01-31
250cb957728dba0f3ae2c1c1e9bae241 SOCRadar 2023-01-31
8b8dff5d30802fd79b76ee1531e7d050184a07570201ef1cd83a7bb8fa627cb0 SOCRadar 2023-01-31
1d142c36c6cdd393fe543a6b7782f25a9cbafca17a1cfa0f3fc0f5a9431dbf3f SOCRadar 2023-01-31
d1ea4f54c19d332b01553fa8e9a838c2a4dabfb1 SOCRadar 2023-01-31
8284421bbb94f3c37f94899cdcd19afd SOCRadar 2023-01-31
b160bd46b6efc6d79bfb76cf3eeacca2300050248969decba139e9e1cbeebf53 SOCRadar 2023-01-31
3252965013ec861567510d54a97446610edba5da88648466de6b3145266386d9 SOCRadar 2023-01-31
236f5de8620a6255f9003d054f08574b SOCRadar 2023-01-31
4fc9202ff84ef84b8c5e6140b66ac3d04570daf886a7f1ae31661ade882f963e SOCRadar 2023-01-31
068117b406940ac510ed59efd1d7c7651f645a31bd70db6de16aba12c055aae6 SOCRadar 2023-01-31
79d6b1b6b1ecb446b0f49772bf4da63fcec6f6bfc7c2e1f4924cb7acbb3b4f53 SOCRadar 2023-01-31
8a3d71c668574ad6e7406d3227ba5adc5a230dd3057edddc4d0ec5f8134d76c3 SOCRadar 2023-01-31
867d41458d94e985f6b3e2bae1dfb75e14cbc57f SOCRadar 2023-01-31
62d99110a03c33157a2c844ed5ddec11 SOCRadar 2023-01-31
0d5e3483299242bf504bd3780487f66f2ec4f48a7b38baa6c6bc8ba16e4fb605 SOCRadar 2023-01-31
01971269ca3083f292f6978511b51a0f90eb1ddb SOCRadar 2023-01-31
2896c334f4ef21aec24596ae13f9b692 SOCRadar 2023-01-31
bff4dd37febd5465e0091d9ea68006be475c0191bd8c7a79a44fbf4b99544ef1 SOCRadar 2023-01-31
4306c5d152cdd86f3506f91633ef3ae7d8cf0dd25f3e37bec43423c4742f4c42 SOCRadar 2023-01-31
f1103e627311e73d5f29e877243e7ca203292f9419303c661aec57745eb4f26c SOCRadar 2023-01-31
8a06c836c05537fcd8c600141073132d28e1172d SOCRadar 2023-01-31
6d5ca42906c60caa7d3e0564b011d20b87b175cbd9d44a96673b46a82b07df68 SOCRadar 2023-01-31
7d82030186936aa9fb21256d9593d992 SOCRadar 2023-01-31
f7013ce417fcba0f36c4b9bf5f8f6e0e2b14d6ed33ff4d384c892773508e932e SOCRadar 2023-01-31
03c835b684b21ded9a4ab285e4f686a3 SOCRadar 2023-01-31
8bebb8830366bd649c488903ef8f4e166965276d SOCRadar 2023-01-31
c646199a9799b6158de419b1b7e36b46c7b7413d6c35bfffaeaa8700b2dcc427 SOCRadar 2023-01-31
246dfe16a9248d7fb90993f6f28b0ebe87964ffd2dcdb13105096cde025ca614 SOCRadar 2023-01-31
6345ac3f61b9f4ce64e82d3896baf1fa SOCRadar 2023-01-31
2841848ef59dfe7137e15119e4c9ce5e873e3607 SOCRadar 2023-01-31
25a089f2082a5fcb0f4c1a12724a5521 SOCRadar 2023-01-31
ba83831700a73661f99d38d7505b5646 SOCRadar 2023-01-31
5d304ea1a9f3c8fbe147a74b64f3390e848ba04a SOCRadar 2023-01-31
241ce8af441db2d61f3eb7852f434642739a6cc3 SOCRadar 2023-01-31
0cf6399db55d40bc790a399c6bbded375f5a278dc57a143e4b21ea3f402f551f SOCRadar 2023-01-31
4b5eefa1727b97b6f773be3937a8cc390f0434ddc2f01dc24b68b690fafbcc93 SOCRadar 2023-01-31
88d13669a994d2e04ec0a9940f07ab8aab8563eb845a9c13f2b0fec497df5b17 SOCRadar 2023-01-31
571f8db67d463ae80098edc7a1a0cad59153ce6592e42d370a45df46f18a4ad8 SOCRadar 2023-01-31
9b546bd99272cf4689194d698c830a2510194722 SOCRadar 2023-01-31
209ffbc8ba1e93167bca9b67e0ad3561c065595d SOCRadar 2023-01-31
b14341b1ffe9e2730394b9066c6829b4e2f59a4234765ae2e97cfc6d4593730a SOCRadar 2023-01-31
25ebe54beb3c422ccd2d90aa8ae89087f71b0bed SOCRadar 2023-01-31
72a60d799ae9e4f0a3443a2f96fb4896 SOCRadar 2023-01-31
abe9635adbfee2d2fbaea140625c49abe3baa29c44fb53a65a9cda02121583ee SOCRadar 2023-01-31
aa3f37a75d3ba2ee74955c06eb308ad0cd6bca2e SOCRadar 2023-01-31
5cd95b34782ca5acf8a34d9dc184cb880a19b6edcaf4a4553fa0619b597c2f50 SOCRadar 2023-01-31
74fbf3cc44dd070bd5cb87ca2eed03e1bbeec4fec644a25621052f0a73abbe84 SOCRadar 2023-01-31
a7172aef66bb12e1bb40a557bb41e607 SOCRadar 2023-01-31
a17c21b909c56d93d978014e63fb06926eaea8e7 SOCRadar 2023-01-31
857f28b8fe31cf5db6d45d909547b151a66532951f26cda5f3320d2d4461b583 SOCRadar 2023-01-31
f869e8fbd8aa1f037ad862cf6e8bbbf797ff49556fb100f2197be4ee196a89ae SOCRadar 2023-01-31
bd270853db17f94c2b8e4bd9fa089756a147ed45cbc44d6c2b0c78f361978906 SOCRadar 2023-01-31
af4523186fe4a5e2833bbbe14939d8c3bd352a47a2f77592d8adcb569621ce02 SOCRadar 2023-01-31
310afba59ab8e1bda3ef750a64bf39133e15c89e8c7cf4ac65ee463b26b136ba SOCRadar 2023-01-31
3fe1a3aaca999a5db936843c9bdfea14 SOCRadar 2023-01-31
9d3b268416d3fab4322cc916d32e0b2e8fa0de370acd686873d1522306124fd2 SOCRadar 2023-01-31
75b55bb34dac9d02740b9ad6b6820360 SOCRadar 2023-01-31
fd87ca28899823b37b2c239fbbd236c555bcab7768d67203f86d37ede19dd975 SOCRadar 2023-01-31
ecefd9bb8b3783a81ab934b44eb3d84df5e58f0289f089ef6760264352cf878a SOCRadar 2023-01-31
a839b2a598fc598044f9814873d7fc84 SOCRadar 2023-01-31
09e04ba053edcf4ca38541cbd735568945a5948d SOCRadar 2023-01-31
IPv4s Source Last Update
(Caveat: 128.31.0.39, 86.59.21.38, 194.109.206.212, 131.188.40.189, 193.23.244.244, 171.25.193.9, 154.35.175.225, 199.58.81.140 and 204.13.164.118 are, or were at the time of this listing, Tor directory authorities that every Tor client contacts at startup. A hit on them indicates Tor bootstrap traffic, not necessarily this actor's C2; treat them as low-confidence and do not block them blindly.)
37.44.253.21 SOCRadar 2023-01-31
217.79.43.148 SOCRadar 2023-01-31
79.141.169.220 SOCRadar 2023-01-31
31.184.198.111 SOCRadar 2023-01-31
204.13.164.118 SOCRadar 2023-01-31
192.137.100.96 SOCRadar 2023-01-31
154.35.175.225 SOCRadar 2023-01-31
222.252.53.33 SOCRadar 2023-01-31
64.52.169.174 SOCRadar 2023-01-31
216.45.55.3 SOCRadar 2023-01-31
31.184.198.84 SOCRadar 2023-01-31
31.184.198.90 SOCRadar 2023-01-31
141.98.87.124 SOCRadar 2023-01-31
159.203.70.39 SOCRadar 2023-01-31
37.120.193.123 SOCRadar 2023-01-31
31.44.184.84 SOCRadar 2023-01-31
31.184.198.74 SOCRadar 2023-01-31
185.153.199.168 SOCRadar 2023-01-31
69.30.232.138 SOCRadar 2023-01-31
62.210.54.235 SOCRadar 2023-01-31
64.235.39.82 SOCRadar 2023-01-31
107.189.10.143 SOCRadar 2023-01-31
185.153.199.163 SOCRadar 2023-01-31
128.31.0.39 SOCRadar 2023-01-31
131.188.40.189 SOCRadar 2023-01-31
37.120.247.39 SOCRadar 2023-01-31
103.27.203.197 SOCRadar 2023-01-31
38.108.119.121 SOCRadar 2023-01-31
31.184.198.82 SOCRadar 2023-01-31
31.44.184.100 SOCRadar 2023-01-31
92.222.172.39 SOCRadar 2023-01-31
192.137.101.205 SOCRadar 2023-01-31
209.76.253.84 SOCRadar 2023-01-31
157.245.70.127 SOCRadar 2023-01-31
31.184.198.80 SOCRadar 2023-01-31
104.238.134.63 SOCRadar 2023-01-31
209.127.187.245 SOCRadar 2023-01-31
86.59.21.38 SOCRadar 2023-01-31
216.45.55.30 SOCRadar 2023-01-31
84.17.52.135 SOCRadar 2023-01-31
185.153.199.164 SOCRadar 2023-01-31
194.109.206.212 SOCRadar 2023-01-31
31.184.198.83 SOCRadar 2023-01-31
108.170.31.115 SOCRadar 2023-01-31
199.58.81.140 SOCRadar 2023-01-31
185.153.199.169 SOCRadar 2023-01-31
149.255.35.131 SOCRadar 2023-01-31
31.184.194.42 SOCRadar 2023-01-31
170.39.212.69 SOCRadar 2023-01-31
193.34.167.17 SOCRadar 2023-01-31
195.54.160.149 SOCRadar 2023-01-31
45.32.229.66 SOCRadar 2023-01-31
193.23.244.244 SOCRadar 2023-01-31
213.32.39.43 SOCRadar 2023-01-31
45.91.83.176 SOCRadar 2023-01-31
45.164.21.13 SOCRadar 2023-01-31
31.184.198.86 SOCRadar 2023-01-31
185.153.199.162 SOCRadar 2023-01-31
31.184.192.44 SOCRadar 2023-01-31
45.86.162.34 SOCRadar 2023-01-31
31.44.184.82 SOCRadar 2023-01-31
46.17.106.230 SOCRadar 2023-01-31
212.192.241.230 SOCRadar 2023-01-31
31.184.198.85 SOCRadar 2023-01-31
192.137.101.46 SOCRadar 2023-01-31
92.222.172.172 SOCRadar 2023-01-31
94.103.9.79 SOCRadar 2023-01-31
185.153.199.176 SOCRadar 2023-01-31
23.227.198.246 SOCRadar 2023-01-31
103.114.163.197 SOCRadar 2023-01-31
167.71.175.165 SOCRadar 2023-01-31
31.184.199.82 SOCRadar 2023-01-31
171.25.193.9 SOCRadar 2023-01-31
104.217.8.100 SOCRadar 2023-01-31
192.137.100.98 SOCRadar 2023-01-31
144.172.83.13 SOCRadar 2023-01-31
CVEs Source Last Update
CVE-2022-24521 (Windows Common Log File System driver elevation of privilege) SOCRadar 2023-01-31
CVE-2020-1472 (Netlogon elevation of privilege, "ZeroLogon"; see T1068 below) SOCRadar 2023-01-31
Emails Source Last Update
(34 email addresses were listed here, each with source SOCRadar and last update 2023-01-31. The source page's email-obfuscation script replaced every one with "[email protected]", so the values are not recoverable from this copy.)
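The indicator lists above are flat "value source date" rows with no type labels, which is awkward to load into a blocklist or a SIEM watchlist. The following script is an added example for this page, not SOCRadar tooling: it classifies each hash by digest length, validates IPv4 addresses and domains, separates .onion services, and defangs network indicators for safe pasting into tickets. The sample rows are copied from the lists above, plus one constructed malformed row to show the "unknown" bucket.

```python
"""Normalize a flat IOC listing (value, source, last-update) into typed records.

Added example for this page; not SOCRadar code. Hash type is inferred from
digest length, IPs are validated with the ipaddress module, and network
indicators are defanged so they are not clickable in tickets or chat.
"""
import ipaddress
import re
from dataclasses import dataclass

HEX = re.compile(r"^[0-9a-f]+$")
DOMAIN = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}$")
# The page lists MD5, SHA-1 and SHA-256 side by side without labels.
HASH_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


@dataclass(frozen=True)
class Indicator:
    kind: str        # md5 | sha1 | sha256 | ipv4 | domain | onion | unknown
    value: str
    source: str
    last_update: str


def classify(value: str) -> str:
    """Decide what kind of indicator a raw string is."""
    v = value.strip().lower()
    if HEX.match(v) and len(v) in HASH_BY_LEN:
        return HASH_BY_LEN[len(v)]
    try:
        ipaddress.IPv4Address(v)
        return "ipv4"
    except ValueError:
        pass
    if v.endswith(".onion"):
        return "onion"
    if DOMAIN.match(v):
        return "domain"
    return "unknown"


def defang(value: str, kind: str) -> str:
    """Every dot in IPs, only the last dot in hostnames, becomes [.]."""
    if kind == "ipv4":
        return value.replace(".", "[.]")
    if kind in ("domain", "onion"):
        head, _, tld = value.rpartition(".")
        return f"{head}[.]{tld}"
    return value


def parse_rows(lines):
    """Parse 'value source YYYY-MM-DD' rows; header rows have four tokens and are skipped."""
    out = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or not re.match(r"^\d{4}-\d{2}-\d{2}$", parts[2]):
            continue
        value, source, date = parts
        out.append(Indicator(classify(value), value.lower(), source, date))
    return out


def summarize(indicators):
    """Count indicators per kind, useful as a sanity check before import."""
    counts = {}
    for ind in indicators:
        counts[ind.kind] = counts.get(ind.kind, 0) + 1
    return counts


# Constructed sample: rows copied from the listing above plus one bad row.
SAMPLE = """\
Domains Source Last Update
advanced-ip-scaner.com SOCRadar 2023-01-31
cuba4ikm4jakjgmkeztyawtdgr2xymvy6nvgw5cglswg3si76icnqd.onion SOCRadar 2023-01-31
Hashes Source Last Update
550f42c5b555893d171285dc8b15b4b5 SOCRadar 2023-01-31
4de5d433af5701462517719ce097bb4c0e5676c9 SOCRadar 2023-01-31
3e3a7116eeadf99963077dc87680952cca87ff4fe60a552041a2def6b45cbeea SOCRadar 2023-01-31
Ipv4s Source Last Update
37.44.253.21 SOCRadar 2023-01-31
not_an_indicator SOCRadar 2023-01-31
""".splitlines()

if __name__ == "__main__":
    records = parse_rows(SAMPLE)
    for ind in records:
        print(f"{ind.kind:8} {defang(ind.value, ind.kind)}")
    print(summarize(records))
```

Feed it the whole page (the header rows are skipped automatically) and review the "unknown" bucket by hand before importing; anything that lands there is usually an obfuscated or truncated value rather than a real indicator.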

MITRE ATT&CK TECHNIQUES

Cuba ransomware actors use the ATT&CK techniques listed in Table 6. Note: for details on the TTPs listed in the table, see the FBI Flash "Indicators of Compromise Associated with Cuba Ransomware". The table is drawn from Cuba ransomware reporting and is not specific to RomCom RAT.

Table 6: Cuba ransomware actors' ATT&CK techniques (Technique Title, ID, Use)

Resource Development
- Compromise Infrastructure: Domains (T1584.001): Cuba ransomware actors use compromised networks to conduct their operations.

Initial Access
- Valid Accounts (T1078): Cuba ransomware actors have been known to use compromised credentials to get into a victim's network.
- External Remote Services (T1133): Cuba ransomware actors may leverage external-facing remote services to gain initial access to a victim's network.
- Exploit Public-Facing Application (T1190): Cuba ransomware actors are known to exploit vulnerabilities in public-facing systems.
- Phishing (T1566): Cuba ransomware actors have sent phishing emails to obtain initial access to systems.

Execution
- Command and Scripting Interpreter: PowerShell (T1059.001): Cuba ransomware actors have used PowerShell to escalate privileges.
- Software Deployment Tools (T1072): Cuba ransomware actors use Hancitor as a tool to spread malicious files throughout a victim's network.

Privilege Escalation
- Exploitation for Privilege Escalation (T1068): Cuba ransomware actors have exploited ZeroLogon (CVE-2020-1472, listed above) to gain administrator privileges.

Defense Evasion
- Impair Defenses: Disable or Modify Tools (T1562.001): Cuba ransomware actors leveraged a loader that disables security tools within the victim network.

Lateral Movement
- Remote Service Session Hijacking: RDP Hijacking (T1563.002): Cuba ransomware actors used RDP sessions to move laterally.

Credential Access
- OS Credential Dumping: LSASS Memory (T1003.001): Cuba ransomware actors dump LSASS memory to retrieve credentials cached on compromised hosts.
- Steal or Forge Kerberos Tickets: Kerberoasting (T1558.003): Cuba ransomware actors used Kerberoasting to identify service accounts in Active Directory.

Command and Control
- Proxy (T1090): Industrial Spy ransomware actors use an HTTP/HTTPS proxy via a C2 server to direct traffic and avoid direct connections.
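Of the techniques in Table 6, Kerberoasting (T1558.003) is the one that leaves the clearest trace on a domain controller: a burst of service-ticket requests (Security Event ID 4769) from one account, each asking for a different service principal with the weak RC4-HMAC encryption type (0x17), which is what Rubeus and Impacket's GetUserSPNs produce. The detector below is an added example for this page, not part of the FBI/CISA advisory or SOCRadar's platform. It assumes the 4769 events have been flattened to "key=value" pairs separated by "|"; the log lines are constructed for the example and the field names follow the 4769 schema.

```python
"""Kerberoasting (T1558.003) detection over Windows Security Event 4769 records.

Added example for this page, not from the advisory it summarizes. A requester
(account + source IP) is flagged when it obtains RC4-HMAC tickets for at least
THRESHOLD distinct user-owned service accounts inside a WINDOW. Machine
accounts (names ending in '$') and krbtgt are ignored because their keys are
random and not crackable, and AES tickets are ignored because Kerberoasting
tooling deliberately downgrades to RC4. Log lines are constructed for the demo.
"""
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"
WINDOW = timedelta(minutes=5)
THRESHOLD = 5   # distinct service accounts per requester within WINDOW


def parse_event(line):
    """Turn 'k=v|k=v|...' into a dict; the timestamp becomes a datetime."""
    fields = dict(kv.split("=", 1) for kv in line.split("|"))
    fields["ts"] = datetime.strptime(fields["ts"], "%Y-%m-%dT%H:%M:%S")
    return fields


def is_roastable(ev):
    """True for a successful RC4 service ticket for a user (not machine) service account."""
    svc = ev["ServiceName"]
    return (ev["EventID"] == "4769"
            and ev["TicketEncryptionType"] == RC4_HMAC
            and ev["Status"] == "0x0"
            and not svc.endswith("$")
            and svc.lower() != "krbtgt")


def detect(lines, threshold=THRESHOLD, window=WINDOW):
    """Return [(account, source_ip, sorted SPN targets)] for every requester that trips the rule."""
    by_requester = defaultdict(list)
    for ev in map(parse_event, lines):
        if is_roastable(ev):
            by_requester[(ev["TargetUserName"], ev["IpAddress"])].append(ev)

    alerts = []
    for (user, ip), evs in by_requester.items():
        evs.sort(key=lambda e: e["ts"])
        start, triggered = 0, False
        for end in range(len(evs)):          # sliding window over time-ordered events
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            if len({e["ServiceName"] for e in evs[start:end + 1]}) >= threshold:
                triggered = True
                break
        if triggered:   # report every SPN the requester touched, not just the window
            alerts.append((user, ip, sorted({e["ServiceName"] for e in evs})))
    return alerts


# Constructed sample: one noisy requester (jdoe), one benign AES user (bob),
# and one low-volume RC4 user (alice) that stays under the threshold.
SAMPLE_LOG = [
    "ts=2023-01-31T09:10:00|EventID=4769|TargetUserName=bob@CORP.LOCAL|ServiceName=svc_sql|IpAddress=::ffff:10.0.0.9|TicketEncryptionType=0x12|Status=0x0",
    "ts=2023-01-31T09:10:05|EventID=4769|TargetUserName=jdoe@CORP.LOCAL|ServiceName=WS01$|IpAddress=::ffff:10.0.0.5|TicketEncryptionType=0x17|Status=0x0",
    "ts=2023-01-31T09:10:10|EventID=4769|TargetUserName=jdoe@CORP.LOCAL|ServiceName=krbtgt|IpAddress=::ffff:10.0.0.5|TicketEncryptionType=0x17|Status=0x0",
    "ts=2023-01-31T09:10:11|EventID=4769|TargetUserName=jdoe@CORP.LOCAL|ServiceName=svc_sql|IpAddress=::ffff:10.0.0.5|TicketEncryptionType=0x17|Status=0x0",
    "ts=2023-01-31T09:10:12|EventID=4769|TargetUserName=jdoe@CORP.LOCAL|ServiceName=svc_http|IpAddress=::ffff:10.0.0.5|TicketEncryptionType=0x17|Status=0x0",
    "ts=2023-01-31T09:10:12|EventID=4769|TargetUserName=jdoe@CORP.LOCAL|ServiceName=svc_backup|IpAddress=::ffff:10.0.0.5|TicketEncryptionType=0x17|Status=0x0",
    "ts=2023-01-31T09:10:13|EventID=4769|TargetUserName=jdoe@CORP.LOCAL|ServiceName=svc_ldap|IpAddress=::ffff:10.0.0.5|TicketEncryptionType=0x17|Status=0x0",
    "ts=2023-01-31T09:10:14|EventID=4769|TargetUserName=jdoe@CORP.LOCAL|ServiceName=svc_ci|IpAddress=::ffff:10.0.0.5|TicketEncryptionType=0x17|Status=0x0",
    "ts=2023-01-31T09:10:15|EventID=4769|TargetUserName=jdoe@CORP.LOCAL|ServiceName=svc_sql|IpAddress=::ffff:10.0.0.5|TicketEncryptionType=0x17|Status=0x0",
    "ts=2023-01-31T09:10:16|EventID=4769|TargetUserName=jdoe@CORP.LOCAL|ServiceName=svc_exchange|IpAddress=::ffff:10.0.0.5|TicketEncryptionType=0x17|Status=0x0",
    "ts=2023-01-31T09:30:00|EventID=4769|TargetUserName=alice@CORP.LOCAL|ServiceName=svc_sql|IpAddress=::ffff:10.0.0.7|TicketEncryptionType=0x17|Status=0x0",
    "ts=2023-01-31T09:30:01|EventID=4769|TargetUserName=alice@CORP.LOCAL|ServiceName=svc_http|IpAddress=::ffff:10.0.0.7|TicketEncryptionType=0x17|Status=0x0",
]

if __name__ == "__main__":
    for user, ip, targets in detect(SAMPLE_LOG):
        print(f"Kerberoasting suspected: {user} from {ip} -> {', '.join(targets)}")
```

Tune THRESHOLD against your own baseline: monitoring and backup accounts legitimately request many service tickets, so allowlist those requesters rather than raising the threshold for everyone. The RC4 filter loses value once an attacker requests AES tickets, so the volume-per-requester signal should be kept even if the encryption-type check is relaxed.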

MANUAL REMOVAL REFERENCE (Safe Mode and Autoruns)

Windows 10 users: click the Windows logo and select the Power icon. In the menu that opens, click "Restart" while holding the Shift key. In the "Choose an option" window click "Troubleshoot", then "Advanced options". In the Advanced options menu select "Startup Settings" and click "Restart". In the window that follows press F5; this restarts the operating system in Safe Mode with Networking.

Extract the downloaded Autoruns.zip archive and run Autoruns.exe.

In Autoruns, click "Options" at the top and uncheck "Hide Empty Locations" and "Hide Windows Entries", then click the "Refresh" icon.

Check the list Autoruns produces and locate the malware entry you want to eliminate. Write down its full path and file name. Some malware hides under legitimate Windows process names, so at this stage it is very important to avoid removing system files. Once you have located the suspicious entry, right-click its name and choose "Delete".

After removing the entry through Autoruns (which ensures the malware will not run automatically at the next startup), search for the malware file on disk. Enable viewing of hidden files and folders before proceeding. If you find the file, delete it.

Reboot the computer in normal mode. These steps remove the persistence entry and file you identified; they do not guarantee the system is clean. A RAT gives its operator interactive control, so assume any credentials used on the host were captured: reset them, look for additional persistence (scheduled tasks, services, WMI subscriptions) and, on a domain-joined or business system, prefer reimaging to manual cleanup. Manual threat removal requires advanced computer skills; if you do not have them, leave removal to antivirus and anti-malware programs.


The world of cyber threats is constantly evolving, and it's important for individuals and organizations to stay informed about the latest dangers. One threat that has recently emerged is the RomCom RAT (Remote Access Trojan). In this post, we'll discuss what the RomCom RAT is, how it operates, and how you can protect yourself from it.

What is the RomCom RAT?

The RomCom RAT is a type of malware that allows an attacker to gain remote access and control of a compromised system. The attackers behind the RomCom RAT have been found to use the reputation of well-known brands, such as SolarWinds, KeePass, and PDF Technologies, to carry out their attacks. This makes it difficult for victims to recognize the threat and take appropriate action.

How Does the RomCom RAT Operate?

The RomCom threat actor prepares each campaign in the same sequence: scrape the vendor's legitimate HTML so the decoy site matches the original; register a lookalike domain (compare advanced-ip-scaner.com and advanced-ip-scanners.com in the indicator list above with the real advanced-ip-scanner.com); trojanize a legitimate application; upload the malicious bundle to the decoy site; then send targeted phishing emails that point victims to it, potentially alongside additional infection vectors.
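Because the lure depends on a domain that is one or two characters away from the real vendor's, lookalike detection is the cheapest control against this preparation step. The script below is an added example for this page, not RomCom tooling or SOCRadar code. The legitimate-domain allowlist is an assumption for the demo (three vendors the post names), the candidates are domains from the indicator list above plus two constructed controls, and the domain splitter treats only the last label as the TLD, so it would need a public-suffix list before handling names like example.co.uk.

```python
"""Flag lookalike (typosquatted) domains against a list of legitimate vendor domains.

Added example for this page; not RomCom tooling or SOCRadar code. Three
checks, in order: same brand label under another TLD, brand label embedded in
a longer label, and a small edit distance from the brand label. LEGIT is an
assumed allowlist; CANDIDATES mixes page indicators with constructed controls.
"""

LEGIT = ["advanced-ip-scanner.com", "keepass.info", "solarwinds.com"]  # assumed allowlist


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute), O(len(a) * len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_domain(d: str):
    """Return (registrable label, tld); subdomains are dropped. Last label only, no PSL."""
    d = d.lower().strip(".")
    sld, _, tld = d.rpartition(".")
    if "." in sld:
        sld = sld.rsplit(".", 1)[-1]
    return sld, tld


def lookalike(candidate: str, legit=LEGIT, max_edits: int = 2):
    """Return (legit_domain, reason) if candidate imitates one of legit, else None."""
    c_sld, c_tld = split_domain(candidate)
    for good in legit:
        g_sld, g_tld = split_domain(good)
        if c_sld == g_sld and c_tld == g_tld:
            return None                       # the genuine domain itself
        if c_sld == g_sld:
            return good, f"brand label with different TLD .{c_tld}"
        if g_sld in c_sld:
            return good, "brand label embedded with extra characters"
        dist = levenshtein(c_sld, g_sld)
        # Short labels give false positives at distance 2, so require a longer brand.
        if dist <= max_edits and len(g_sld) > max_edits * 2:
            return good, f"edit distance {dist} from brand label"
    return None


def scan(candidates, legit=LEGIT):
    """Map every flagged candidate to the (legit, reason) it was matched against."""
    return {c: hit for c in candidates if (hit := lookalike(c, legit))}


# Page indicators plus two constructed controls (keepass.com, www.solarwinds.com).
CANDIDATES = [
    "advanced-ip-scaner.com", "advanced-ip-scanners.com", "teoresp.com",
    "4qzm.com", "keepass.com", "www.solarwinds.com",
]

if __name__ == "__main__":
    for dom, (good, why) in scan(CANDIDATES).items():
        print(f"{dom:28} -> {good:26} ({why})")
```

Run it over newly registered domains (certificate-transparency feeds are a convenient source) with your own vendor list; the edit-distance rule catches the single-character typo in advanced-ip-scaner.com, while the substring rule catches the pluralised advanced-ip-scanners.com that edit distance alone would also flag at distance 1.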

Who is at Risk of a RomCom RAT Attack?

Currently, Ukraine appears to be the primary target of RomCom RAT attacks, but some English-speaking countries, such as the United Kingdom, are also being targeted. Given the location of the targets and the current geopolitical situation, it is unlikely that the RomCom threat actor is cybercrime-motivated.
Attached report: 0408-Threat-ReportV17.pdf ("Delivering actionable and contextualized intelligence to increase cyber resilience")

APT group: RomCom
Aliases: Storm-0978
Target countries / Source countries / Total IOCs: None listed
History Timeline

  • Fri, 14 Jul 2023 11:15:04 GMT
    New Report Added

    Blackberry Threat-ReportV17 report added.

  • Tue, 04 Jul 2023 00:00:00 GMT
    RomCom Threat Actor Suspected of Targeting Ukraine's NATO Membership Talks at the NATO Summit
    On July 4, the BlackBerry Threat Research and Intelligence team found two malicious documents submitted from an IP address in Hungary, sent as lures to an organization supporting Ukraine abroad, and a document targeting upcoming NATO Summit guests who may also be providing support to Ukraine.
  • Tue, 31 Jan 2023 09:34:10 GMT
    New IOCs Added

    295 IOCs added.

  • Tue, 31 Jan 2023 09:32:28 GMT
    New Apt Groups Added

    New APT Groups added.

  • Tue, 31 Jan 2023 09:10:24 GMT
    Created!

    New Campaign created.

  • Mon, 10 Oct 2022 00:00:00 GMT
    Evasion Techniques
    On October 10, 2022, the threat actor improved its evasion techniques: obfuscation of all strings, execution as a COM object, and others.
  • Sat, 23 Jul 2022 00:00:00 GMT
    Advanced IP Scanner
    Once the victim installs a Trojanized bundle, it drops RomCom RAT to the system. 
Dark Web News

Xeno RAT is Shared

In a hacker forum monitored by SOCRadar, a share of Xeno RAT was detected. Screenshot: https://image.socradar.com/screenshots/2023/11/01/ff07dadc-7690-411a-9b40-262d3cbdc2e3.png

Post text:
Welcome to the official thread for Xeno Rat's release, a powerful and versatile remote access tool developed in C# for Windows 10 and 11. This open-source project is designed to provide you with a stable, feature-rich, and easy-to-use solution for remote computer control.
Key Features
Xeno Rat offers a wide range of features that set it apart from other RATs:
- HVNC (Hidden Virtual Network Computing): Enjoy this premium feature for free, enhancing your remote access capabilities.
- Live Microphone: Real-time audio surveillance, perfect for various use cases.
- Socks5 Reverse Proxy: Proxy your internet traffic through the client with ease.
- Regular Updates: The project is actively maintained, and new features are continuously added.
- Built from Scratch: Xeno Rat is developed from the ground up, ensuring a unique approach to remote access.
Some other features
- Listen on multiple ports
- Chat
- Bluescreen
- Message Box
- Fun menu (monitor on/off, CD tray open/close, and more)
- Webcam
- Key Logger
- Screen Control
- Process Manager
- File Manager
- Shell
- And plenty more...
Legal Disclaimer
Xeno Rat is intended for educational purposes only. The developer is not responsible for any misuse or damage caused by this tool. Always stay within legal and ethical boundaries.
For more details and to access the project, visit Xeno Rat on GitHub. Explore the code and contribute to its development! For anyone who wants to donate, I also included a txt file with the exact same link.


Freedom RAT is on Sale

In a hacker forum monitored by SOCRadar, a new alleged RAT sale was detected. Screenshot: https://image.socradar.com/screenshots/2023/10/28/b66cb6f2-3349-4e24-b2af-fa4aa2438c55.png

Post text:
Remote Administrative Tool (R.A.T) written fully in C language (no dependencies) - 40 KB.
Functions {
- Fun: Simple MessageBox popup; Beep sound; Empty recycle bin
- Power Management: Shutdown; Restart; Sleep
- File Manager: Download; Execute; Delete; Upload
- Task Manager: Kill process
- Stealer: Browser logins (URL / Logins URL / Username / Password)
- Screen: Single screenshot function (capture all monitors on target machine, vertical/horizontal)
- Reverse Functions: Reverse command prompt; Reverse PowerShell
- Clipboard: Get clipboard content; Set clipboard content
- Keylogger: Live keylogger
}
Functions (included in Builder) {
- Clipper: Bitcoin format -> P2PKH, P2SH, BECH32/Segwit; Ethereum; Litecoin
- Error Message: Fully customizable first-boot error MessageBox (Title, Content, Icon, Buttons)
- Installation Folder: Choose between 4 different paths
- Additional: Disable Task Manager; Persistence; Mutex; Strong anti-VM + anti-debug
}
PRICE: 1 BTC (Garant is welcome)
COPY AVAILABLE: 1/1
Runtime Result: hxxps[://]checkzilla[.]io/scan/fa06e69c-be42-4096-829b-0b88c6d079b6
Scantime Result: hxxps[://]avcheck[.]net/id/MdhKDasbakAb
What will you get after purchase?
- Full source code of client side AND also server side + builder.
- Full support for installation to your server.
- I am ready to explain every line of code 1 by 1 and answer all your questions (concerning the product).
For any question concerning this product send me a PM, I will be happy to answer you.
Server side screenshots:
https://image.socradar.com/screenshots/2023/10/28/c45d2cb9-f616-4020-904f-8ec3a4af9599.png
https://image.socradar.com/screenshots/2023/10/28/74623855-ddce-4e55-ae5f-8680d7a7d85f.png


Source Code of Linux Rootkit is on Sale

In a hacker forum monitored by SOCRadar, a new alleged source-code sale for a Linux rootkit was detected. Screenshot: https://image.socradar.com/screenshots/2023/10/28/8d3febc9-5350-4a00-9578-842f8661ea4e.png

Post text:
SyM Linux Rootkit
SyM is a universal user-mode Linux rootkit that will sustainably hold root persistence across all Linux kernel versions, and will successfully bypass any EDR or rootkit detection software. SyM will also come with a plethora of features capable of stealing important files such as SQL database backups, .git, and other configuration files; and much more. Along with being the first of its kind, SyM implements some API system call hooking that has never been seen before, which makes it such a unique and undetectable rootkit experience.
C&C / C2 / backdoor methods:
- ICMP backdoor: use a unique magic identifier to open a reverse shell
- accept() backdoor: use a unique magic identifier to open a listening TCP server
- PAM backdoor: direct interactive SSH backdoor with custom hidden port, username, and password
Internal System Logging:
- SSH Log: log all incoming and outgoing SSH authorizations in plaintext by hooking pam_vprompt, read, and write API calls
- Execution Log: log all normal (including root) user command execution flow
Hiding Self / Rootkit:
- Hide all files, processes, open ports, and all connections based on unique magic identifier
- Hide process map files, to prevent direct mapping of process and being able to identify rootkit
- Hide any file or directory of choice
- All rootkit-master-created directories and files will be kept track of, so no need to manually add or edit anything to keep it hidden!
Note: It is possible to forge or fake as any other installed software, service, or similar
EDR Bypass / Evasion:
- Hooking API calls to hide itself from /proc/*/maps as well as many other system locations
- Bypassing SELinux and GRSec
- Bypasses and hides from SentinelOne and other similar software
File Stealer: by scanning and keeping track of a user-made list of interesting files and directories the rootkit is capable of stealing anything on the fly and uploading it directly to an external server. Stuff like SQL databases are stolen automatically by default!
Pricing: Source Code: $7500
Contact: Telegram



Anubis Stealer is on Sale

In a hacker forum monitored by SOCRadar, a sale of a new stealer tool, Anubis Stealer, was detected. Screenshot: https://image.socradar.com/screenshots/2023/09/29/cf4d864b-4fc9-4fd9-ac67-fc693dbdb0bb.png

Post text:
Anubis Stealer
💥Descriptive💥
Program for remotely controlling Windows computers via a Telegram bot. Written in C++ language. This remote access tool stands out for its exceptional features and high reliability. It supports Windows 10 and 11, both 32-bit and 64-bit operating systems. The software is developed in C/C++, featuring an independent Stub that doesn't rely on the .NET Framework. It boasts a rich set of functionalities, including cookie and password recovery, file management, remote execution, real-time and offline keylogging, remote shell access, and process management. Additionally, it supports obtaining TOKENs for Discord, Telegram, and Steam. The clipboard feature automatically replaces cryptocurrency addresses, enhancing privacy. Importantly, it includes an anti-sandbox feature that detects and counters various virtual environments and analysis tools. The Stub, ranging in size from 500KB to 600KB, ensures efficiency. In summary, this tool is user-friendly, offers a wide range of functionalities, and is suitable for various purposes, whether you need cookie recovery, password management, file transfer, or more.
💥Features💥
- Cookies Recovery: This function allows you to recover cookies from popular Chrome and Firefox browsers in JSON format.
- Password Recovery: This feature enables the recovery of passwords from various browsers (Chrome, Firefox, Edge), 50+ browsers.
- File Manager: With the File Manager, you can upload and download files at high speed, as well as execute and delete files on the target computer.
- Download & Execute: This function allows you to execute files on remote computers.
- Remote Shell: This function lets you send commands to the remote computer's command prompt (CMD).
- Process Manager: With the Process Manager, you can view and terminate processes on the remote computer.
- TOKEN: Discord, Telegram, and Steam.
- Clipboard: Automatically replaces cryptocurrency addresses in the clipboard with a predefined address, likely to perform address substitution.
- AntiSandbox: This feature can detect the presence of virtualization or sandboxing environments like VirtualBox, VirtualMachine, Cuckoo, Anubis, ThreatExpert, Sandboxie, QEMU, and analysis tools.
Spoiler: Chromium browsers
Edge, Edge Beta, Google Chrome, Google Chrome Beta, Google(x86), Opera Software, ChromePlus, Iridium, 7Star, CentBrowser, Chedot, Vivaldi, Kometa, Elements Browser, Epic Privacy Browser, uCozMedia, Sleipnir5, ChromiumViewer, Citrio, Coowon, liebao, QIP Surf, Orbitum, Comodo Dragon, Comodo, Yandex, 360Browser, Maxthon3, BraveSoftware, K-Melon, Torch, Amigo, Sputnik, SalamWeb, BlackHawk, QQBrowser, Slimjet, GhostBrowser, Xvast, 360Chrome, Kinza, Xpom, Nichrome, Blisk, UCBrowser
Spoiler: Gecko browsers
Firefox, Waterfox, K-Meleon, Thunderbird, IceDragon, Cyberfox, BlackHaw, Pale Moon
Spoiler: Auto Stealer Example
https://image.socradar.com/screenshots/2023/09/29/f057555f-e4d7-480f-b2d8-5149c0d5e3fe.png
https://image.socradar.com/screenshots/2023/09/29/f4e699e2-e798-4c1b-9b6e-b5eab757f318.png
https://image.socradar.com/screenshots/2023/09/29/add014e6-6971-4a03-8634-149b91c038e4.png
Spoiler: Control Command
https://image.socradar.com/screenshots/2023/09/29/32c799e1-074b-4cb2-92e3-9bc86f3ad71f.png
https://image.socradar.com/screenshots/2023/09/29/fb419557-0909-4d74-9601-a59f4ea06a37.png
💥Builder💥
- Self-delete after the first run.
- Add a self-startup entry.
- Implement a blue screen protection (immediately trigger a blue screen if the program is terminated; this feature requires administrator privileges).
- Automatically collect cookies, passwords, history, credit cards, bookmarks, as well as data from Telegram, Discord, Steam, and screenshots.
- Cease communication if a blacklisted process is detected.
- Activate keylogging.
- Manage the clipboard and replace preset wallet addresses.
- Implement anti-sandbox, anti-analysis, and anti-virtual machine measures.
- Request administrator privileges to run the program.
Spoiler: Builder 6.png
💥Subscription Prices:💥
🔥1 month - $120 $39
🔥3 months - $360 $117
🔥6 months - $720 $234
🚀 Limited Time Offer: Get an Extra Month for Free! 🎁
🔥 We've got great news for you! For the first 30 customers, we're offering an exclusive deal: simply purchase our product and receive an additional month absolutely FREE!
🔥 Don't miss out on this incredible opportunity! Act fast and be one of the privileged few to benefit from this special promotion.
🔥 Grab your extended subscription today and elevate your experience with us!
🔥 Hurry, this offer won't last forever. Make the most of it! Thank you for choosing us. We appreciate your trust in our service.
💥 Accepted cryptocurrencies: 💥 BTC, ETH, TRC20
💥Contact: Telegram Channel:💥 Click Here
💥Terms of service: 💥 Click Here


CraxsRAT V6.7 is on Sale

In a hacker forum monitored by SOCRadar, an alleged CraxsRAT V6.7 sale is detected.

DETAILED INFORMATION AND TG FOR DEMO: @********** - !!️ 💯 ANDROID 13 WORKS AS A PROBLEMS IN ALL DEVICES. ✅ Whatsapp Click Reach.
---------------------------------------------------------------
CraxsRat V6.7. New Update Attributes.
💠 File Manager
🟢 Download/Install
🟢 Secure Deletion Options
🟢 Thumbnail/Gallery view
🟢 Advanced search
🟢 Copy/Paste
🟢 Decrypt/Decode
🟢 Hidden / Unhidden File
🟢 Set Wallpaper
💠 Location
🟢 Live Location
💠 Live Screen Control
🟢 Show Screen Live
🟢 Control Screen (VNC)
🟢 Use Keyboard
🟢 Lock / unlock screen
🟢 Take silent screenshot
💠 Call Manager
🟢 Show Incoming/Outbound Call List
🟢 Delete calls
💠 Send SMS
🟢 Improved "Send SMS" feature
🟢 Send to multiple numbers
🟢 Send from file to list
🟢 Send to all people
💠 Application Manager
🟢 Show Application List
🟢 Open Application
🟢 Remove Application
🟢 Disable / enable application
💠 Keylogger
🟢 Online/Live keylogger
🟢 Offline keylogger
🟢 Save to client folder
🟢 Save everything
🟢 even the pin of the screen lock
💠 SMS Manager
🟢 Show SMS List
🟢 Delete SMS
💠 Extra Tools
🟢 Search Number
🟢 Download Apk from Link
🟢 Show Message on Screen
🟢 Clipboard
🟢 Open Link
🟢 Run Commands
🟢 Social Media Hunter
🟢 Stealer Gmail account
🟢 Stealer Facebook account
🟢 Stealer 2FA Google
🟢 Authenticator Code
💠 Permission Manager
🟢 Not allowed / not allowed Permissions checked
🟢 Ask for Permissions from the panel
🟢 Request to enable accessibility
🟢 Draw in practice
💠 Account Manager
🟢 Application Email/Number Show Your Account
💠 Auto Clicker
🟢 On the screen Watch User Touch
🟢 Save User Touches
🟢 Repeat User Touches
💠 Web Browser
🟢 Web browser Monitor
🟢 Web browser Html Viewer
🟢 Open link and track / save browser
💠 Injection in real app
🟢 Silent control
🟢 Work like real practice
🟢 Ask for accessibility
🟢 Anti killing
🟢 Anti removal
🟢 Wake up support screen
🟢 Support Permit manager
🟢 Support screenshot
🟢 Support lock screen
🟢 Recrypt APK
💠 Admin Rights
🟢 Executive Rights Request
🟢 Lock screen
🟢 Delete Data (delete everything)
💠 Camera
🟢 Take Screen Image Camera
🟢 Open Front Camera
🟢 Open Back Camera
🟢 Take Photo
💠 Keyboard Manager (Beta)
🟢 Phone keyboard
🟢 Replace with Spyroid Rat custom keyboard
🟢 Support 3 languages “English – Arabic – Chinese”
🟢 Record everything the victim enters
💠 Self Distraction
🟢 Automatic (with super mode to remove apc and data)
💠 Microphone Capture
🟢 Listen Talk
✅ Save
💠 Notification Listener
✅ Get All Notifications
✅ Save
💠 Call Listener
✅ Get all call notifications
✅ Save/remove call
💠 Screen Reader
Skeleton view or Scan View
✅ Skip the black screen of banks and crypto application
✅ Add logo window to easily copy anything from the screen


Remote Administration Tool Sale is Detected

In a hacker forum monitored by SOCRadar, a new alleged remote administration tool sale is detected.

Hello everyone, you can find more information about the software below.
Remote Administration Tool
- Web admin panel with GUI + realtime remote client communications
- One secure encrypted connection to the management server with multiple layers of https+rsa+aes
- Supports proxy connections over http, socks5 (also with credentials). You can create your own chain of proxy servers to connect to the management server (if your software is located deep in the network)
- Can be run as a service or as the current user.
Universal plug-in system:
- command line
- socks5 tunnel
- file manager - view remote file system directories and download files
- mimikatz - command line as a plugin (possibly may be unstable using multiple commands with a specified environment)
- vnc, hvnc - custom desktop viewer (under development)
- keylogger - simple keylogger via RegisterRawInputDevices() (under development)
- meterpreter - allows you to use the meterpreter module from the metasploit framework (under development)
- screen [snapshots/recordings] - take screenshots and record user screen (under development)
- collection - complete system information with lost passwords (under development)
- webinjects - allow the operator to replace web traffic (under development)
- traffic tunneling - traffic tunneling without system tools (under development)
Well tested under:
- Windows 7 with Service Pack 1 x64 - passed
- Windows Vista x64 - passed
- Windows 8.1 x64 - passed
- Windows 10 x64 - passed
- Windows 11 x64 - passed
- Windows Server 2008 x64 - passed
- Windows Server 2022 x64 - passed
- Windows 7 x86 - passed
- Windows 8.1 x86 - passed
- Windows 10 x86 - passed
Minimum server requirements:
- VPS server with KVM virtualization
- 2 GB of RAM
- 1 Central processing unit
- Network any
- The TOR service for the licensing server.
User Agreements and Terms:
- All parts of the software you use are at your own risk
- Messages to the support service about any warnings of the AV software after scanning the file will be ignored. AV alerts can be considered at runtime if they can be reproduced in a laboratory environment.
- If any critical errors are found while using the software, we will try to fix them as soon as possible, depending on the type of error, and your license will be extended for the number of days from the date we receive the report (when we reproduce it in the laboratory) to the date of correction.
- We use escrow for every money transfer.
- Only you or your team can use this software package; if you transfer the software to a third party, we will block your license.
- Refunds are not allowed
- Accepted payment: BTC, Monero.
- We do not provide any bypass or privilege escalation.
- We do not provide encryption for any binaries.
After receiving the payment, within the next 2 hours you will have an archive with:
- web control panel - with plugins and license file of the selected plan
- x64/x86 executables - for execution on remote systems, about ~1Mb/~700Kb in size
- Domain configuration file - configured for your domain (this is a separate file that must be copied to the specified folder on the system)
- Documentation - how to install and use the software and plugins.
Plans for 30 days:
Minimum: Command Line, File Manager, Socks 5, Mimikatz, 5 Domain Configurations. Price: $2,990
Since this is a raw project at the moment, and possibly can be unstable in some situations, we are adding an additional 30 days to your plan as a bonus. Thank you.


New OHM Android RAT is Shared

In a hacker forum monitored by SOCRadar, a new OHM Android RAT share is detected.

OHM Android RAT+Tutorial
==========
"Android Remote Administration Tool" is what the abbreviation stands for. It is a kind of programme or application that enables someone to operate Android devices remotely, frequently without the user's knowledge or consent. While remote administration tools have their legal uses, such as in IT assistance or device monitoring, Android RATs are frequently linked to malevolent intent. Android RATs can be used by malicious actors to acquire unauthorised access to a victim's Android smartphone and carry out a variety of tasks, such as:
Spying is the practise of gathering private data without the user's knowledge, such as messages, call records, and images.
Keylogging is the act of recording keystrokes in order to obtain login information or other private data.
Controlling a device's features remotely, such as dialling a number, sending an email, or starting an application.
Copying files and data from the target device to the server of the attacker is data theft.
Using compromised devices as part of a botnet to perform DDoS assaults on specific servers is known as distributed denial of service (DDoS).
Ransomware: Software that locks a device and demands payment to unlock it.
It's important to remember that it's unlawful and immoral to use Android RATs for nefarious purposes. These tools may be spread through a variety of techniques, including malicious websites, infected mobile applications, and email attachments. It's essential to keep your Android smartphone's software updated, only download apps from reputable stores like the Google Play Store, and use security software to find and remove any possible risks if you want to safeguard your device from attacks of this nature. Furthermore, maintaining good digital hygiene by avoiding dubious sites and files might reduce your vulnerability to Android RAT assaults.
Features
Read, Delete Internal Storage Files
Download Any Media to your Device from Victims Device
Get GPS location
Get Network Provider Location
Get all the system information of Victim Device
Shows all the installed apps in Victims Device
Open Any Website in Victims Device
Make any folder in Victims Device
Show any notification in Victims Device
Delete any File or Folder From Victims Internal Storage
Dump SMS
Play music in Victims device
Change Wallpaper
Vibrate Device
Turn On/Off Flash Light
Text To Speech Feature
Runs In Background Even When App is Closed
Support Android v5+
No Port Forwarding Needed
Fully Undetectable
WipeSdcard
Shows Update Page, if you want.
Pre Binded Whatsapp
Discord: blackhatrussiaofficial#5904
Telegram: https://t.me/***
Download OHM Android RAT: Download Link


News That the AVrecon Botnet Infected Over 70,000 Linux Routers is Shared

In a hacker forum monitored by SOCRadar, news that the AVrecon botnet has infected over 70,000 Linux routers is shared.

Since May 2021, the AVrecon Linux malware has infected more than 70,000 SOHO routers and made most of them part of a botnet that specializes in creating hidden residential proxies, according to Lumen Black Lotus Labs. Such proxies allow botnet operators to mask a wide range of malicious activities, from digital advertising fraud to password spraying attacks.
Despite the fact that the AVrecon Remote Access Trojan (RAT) compromised more than 70,000 devices, only 40,000 of them became part of the botnet when the malware got a foothold on the device, according to the researchers.
AVrecon managed to avoid detection almost completely for a long time, although it was first noticed back in May 2021 when the malware targeted Netgear routers. Since then, the botnet has remained undetected for two years and has gradually grown, by now becoming one of the largest router-targeted botnets in the world.
“We suspect that the attackers are focusing on SOHO devices, as they are less likely to be patched with various CVEs,” the experts say. “Instead of using the botnet for a quick profit, its operators took a more moderate approach and were able to go unnoticed for two years. Due to the stealthy nature of the malware, owners of infected machines rarely notice performance issues or loss of bandwidth.”
After infection, the malware sends information about the hacked router to the built-in address of the command and control server. After contact is established, the hacked device is instructed to establish communication with another group of servers - the control servers of the second stage. The researchers found 15 such servers that have been operating since at least October 2021, based on X.509 certificate information.
Experts note that they managed to harm the work of AVrecon by resetting the routing for the botnet control server in their backbone network. In fact, this severed the connection between the botnet and its control infrastructure, which significantly limited the malware from performing malicious actions. “The use of encryption does not allow us to comment on the results of password spraying attacks, however, we blocked C&C servers and prevented traffic from passing through proxy servers, which made the botnet inactive in the Lumen backbone network,” the company writes.


A New RAT Tool is on Sale

In a hacker forum monitored by SOCRadar, a new RAT tool sale is detected.

WrathRat
*Multiple admins, Users, resellers, clients = one server.
*Languages: English, Italian, Spanish
*The Fastest RAT ever built, Period.
1- Super Admin panel:
 1- You can create Users and Resellers
 2- You can deactivate users/resellers
2- Resellers panel: You can create Users you want to rent the WrathRAT to
3- Users Panel:
 1- Show devices and their current LIVE Status (online or Offline)
 2- Generate a new APK (Title, package name, Icon)
 3- Block certain phone numbers (once the phone number is blocked the admin will be alerted if the client has called the phone number)
 4- Device notes (You can enter notes for each device)
 5- Device Permissions
 6- VNC
 7- HVNC (Draws the important and not important texts, buttons, input fields, etc.)
 9- Lock screen (shows a black screen that covers the whole screen and dims the light to make the device look like it's off)
 10- Custom lock screen (You can design your own lock screen, top title, bottom title and an image "JPG or GIF")
 *The lock screen will also block the user's touches on the device, and automatically closes the status bar if swiped down by the client
 11- Call Logs (view, delete, insert calls)
 12- Push notifications (able to send push notifications)
 13- Apps (view, Open or uninstall device apps)
 14- Block apps (Once an app is blocked it will never be opened again unless it's unblocked)
 15- Keylogger (everything that is entered on the device will be shown in the panel)
 16- Wakeup device (if the device screen is off you will be able to wake it up)
 17- PIN/Pattern (Once this option is activated then you will be able to enter either the PIN or pattern in the device lock screen)
 18- Format device
 19- Call a number
 20- SMS messages (View, send, delete SMS messages, a built-in SMS RAT)
 21- Long click (You can perform a long click)
 22- Swipe gestures
 23- VNC and HVNC image quality (You can control the speed and the quality of the VNC and the HVNC)
 24- Send Text (You can select any field via VNC or HVNC and you can enter any text in the selected field)
 25- Remote Errors (If any error happens in the client device you will be able to view it in the panel)
**There are many other features; the above are some of the functions of the WrathRAT.
Payment options:
1- You can purchase the source codes.
2- You can rent the WrathRAT with weekly payments.


A New RAT Tool is Shared

In a hacker forum monitored by SOCRadar, a new RAT tool sharing post is detected.

Sorillus Rat Cracked
==========
Sorillus is a Remote Access Trojan written in Java, which means that the Server and Client run on all operating systems (e.g. Windows, Linux, Mac).
What is Sorillus Rat?
Sorillus is a platform-independent R.A.T (Remote Access Trojan) written in Java, that can help a pentester to get full remote access to any device that can run Java. This rat can infect Linux devices as well as macOS and other OSes like Windows. Their developer is planning to make a new version that can hack Android as well, so it's not just a cross-platform rat; its stub is also cross-platform supported.
Features
System:
•Pop-up: Display pop-up messages on the victims' screen.
•Clipboard: Access and manage the victim's clipboard contents.
•Open URL: Open a specified URL on the victim's browser.
•Show IP: Retrieve and display the victim's IP address.
•Report: Generate and send reports regarding system status and activities.
•Shutdown: Remotely shut down the victim's system.
Surveillance:
•Screenshot: Capture screenshots of the victim's screen.
•Remote desktop: View and control the victim's desktop remotely.
•Remote cam: Access and view the victim's webcam remotely.
•Remote microphone: Listen to audio from the victim's microphone remotely.
•Key logger: Record and monitor keystrokes on the victim's system.
Fun:
•Play sound: Play customized sounds on the victim's system.
•Black screen: Turn the victim's screen black for privacy or focus purposes.
•Image walk: Display a series of images in a slideshow format.
Contact:
•Text-Chat: Engage in text-based communication with the victim.
Custom:
•Alias: Assign customized aliases or names to victims for easier identification.
•Notes: Add and manage personal notes or annotations for each victim.
Debug:
•Thread: Monitor and manage threads within the application.
•Instances: Track and manage multiple instances of the application.
Advanced Controls:
•Remote Shell: Execute remote commands on the victim's system.
•File Manager: Access and manage files and directories on the victim's system.
•Processes: View and manage running processes on the victim's system.
•Password Recovery: Recover passwords from supported browsers.
•Plugins: Extend the functionality of the application with custom plugins.
•Close Views: Close specific views or modules within the application.
Installation:
•Add Autostart: Add payload to the auto start folder so it will automatically start with startup apps.
•Update Client: Update the victim's payload to the latest version.
•Uninstall & Disconnect: Remove the client software and disconnect from the system.
Connection:
•Reconnect: Reconnect a connection with a previously connected victim.
•Disconnect: Disconnect the connection with a victim.
Whatsapp
Discord: *****#*****
Telegram: https://t.me/******


PoC of RAT with Google Calendar

In a hacker forum monitored by SOCRadar, a PoC share is detected for a RAT with Google Calendar.

Google Calendar RAT is a PoC of Command&Control (C2) over Google Calendar Events. This tool has been developed for those circumstances where it is difficult to create an entire red teaming infrastructure. To use GCR, only a Gmail account is required. The script creates a 'Covert Channel' by exploiting the event descriptions in Google Calendar. The target will connect directly to Google.
How it works
GCR attempts to connect to a valid shared Google Calendar link and, after generating a unique ID, checks for any yet-to-be-executed commands. If it is not able to find any command, it creates a new one (fixed to "whoami") as a proof of connection.
Every event is composed of two parts:
- The Title, which contains the unique ID; it means you can schedule multiple commands by creating events having the same unique ID as name
- The Description, which contains the command to execute and the base64 encoded output, using the pipe symbol "|" as separator
How to use it
- Set up a Google service account and obtain the credentials.json file, place the file in the same directory as the script
- Create a new Google calendar and share it with the newly created service account
- Edit the script to point to your calendar address
- Once executed on the target machine, an event with a unique target ID is automatically created, auto-executing the "whoami" command
- Use the following syntax in the event description for the communication => CLEAR_COMMAND|BASE64_OUTPUT
Examples:
"whoami|"
"net users|"
The date is fixed on May 30th, 2023. You can create unlimited events using the unique ID as the event name.


A New RAT Malware is on Sale

In a hacker forum monitored by SOCRadar, a new RAT malware sale is detected.

Price $15K / month OR $100K Lifetime
ABOUT THE PROJECT
I want to introduce to you a private RAT with over 20,000 hours of development (since 2017). This RAT is called Dark-Gate. The goal of this malware service is to provide you all the necessary steps to distribute, hold & work with your bots from a single place. You can read about the Malware analysis from version 1.0 (5 years ago) here: hxxps[://]www[.]fortinet[.]com/blog/threat-research/enter-the-darkgate-new-cryptocurrency-mining-and-ransomware-campaign
Since then, every single feature has been meticulously curated to bypass AV's at runtime, during any possible moment.
PAYLOAD DELIVERY
The builder, which is conveniently built into the server (GUI), includes the option for 6 different forms of payload delivery (so you never need to look elsewhere):
LNK
MSI
AUTOIT (recommended)
VBS
EXE + 2 DLL's
& More to come
FEATURES
DOWNLOAD & EXECUTE ANY FILE DIRECTLY TO MEMORY (Native, .NET x86 and x64 files)
HVNC & HANYDESK REMOTE DESKTOP
HIGH QUALITY FILE MANAGER, WITH FAST FILE SEARCH AND IMAGE PREVIEW
REVERSE PROXY
KEYLOGGER WITH ADVANCED CONTROL PANEL (SUPPORTS EVEN UNICODE TEXT)
PRIVILEGE ESCALATION (NORMAL TO ADMIN / ADMIN TO SYSTEM)
WINDOWS DEFENDER EXCLUSION (IT WILL ADD C:/ FOLDER TO EXCLUSIONS)
DISCORD TOKEN, BROWSER HISTORY, COOKIE STEALER, SKYPE, BROWSER RECOVERY
SPECIAL BROWSER EXTENSION FOR LOADING COOKIES DIRECTLY INTO A BROWSER PROFILE
ADVANCED MANUAL INJECTION PANEL
CHANGE DOMAINS AT ANY TIME FROM ALL BOTS (Global extension)
CHANGE MINER DOMAIN AT ANY TIME FROM ALL BOTS (Global extension)
REALTIME NOTIFICATION WATCHDOG (Global extension)
ADVANCED CRYPTO MINER SUPPORTING CPU AND MULTIPLE GPU COINS (Global extension)
ROOTKIT WITHOUT NEED OF ADMINISTRATOR RIGHTS OR .SYS FILES (COMPLETELY HIDE FROM TASKMANAGER)
INVISIBLE STARTUP, IMPOSSIBLE TO SEE THE STARTUP ENTRY EVEN WITH ADVANCED TOOLS


New RAT is Shared

In a hacker forum monitored by SOCRadar, a new RAT share is detected.

ANARCHY PANEL RAT 4.7 Cracked
==========
Tools: Icon Changer - Multi Binder [Icon - Assembly] | Fud Downloader [HTA-VBS-JS-WSF] - XHVNC - BlockClients
Features: Information, Monitor [Mouse - Keyboard - AutoSave], Run File [Disk - Link - Memory - Script - RunPE], WebCam [AutoSave], Microphone, System Sound, Open Url [Visible - Invisible], TCP Connections, ActiveWindows, Process Manager, Clipboard Manager, Shell, Installed Programs, DDos Attack, VB.Net Compiler, Location Manager [GPS - IP], File Manager, Client [Restart - Close - Uninstall - Update - Block - Note]
Options: Power [Shutdown - Restart - Logoff], BlankScreen [Enable - Disable], TaskMgr [Enable - Disable], Regedit [Enable - Disable], UAC [Enable - Disable], Firewall [Enable - Disable], .NET 3.5 Install, Disable Update, Run Shell, Invoke-BSOD
Password Recovery: Bookmarks - Browsers - All-In-One - DiscordTokens, FileZilla - ProduKey - WifiKeys - Email Clients
Pastime: CD ROM [Open - Close], DesktopIcons [Show - Hide], SwapMouse [Swap - Normal], TaskBar [Show - Hide], Screen [ON-OFF], Volume [Up - Down - MUTE], Start [Show - Hide], Clock [Show - Hide], Text Speak, Explorer [Start - Kill], Tray Notify [Show - Hide]
Extra 1: KeyLogger, Client Chat, FileSearcher, USB Spread, Bot killer, PreventSleep, Message Box, Change Wallpaper, DeleteRestorePoints, UAC Bypass [RunAs - Cmstp - Computerdefaults - DismCore], Run Clipper [All Cryptocurrencies]
Extra 2: Ransomware [Encrypt - Decrypt], Ngrok Installer, HVNC, Hidden RDP, WDDisable, W.D.Exclusion, Install [Startup - Registry - schtasks]
Requirements:
- .Net Framework 4.5 [Controller]
- .NET Framework 4.0 [Client]
Discord: ***#**
Telegram: https://t.me/****


GobRAT: Sophisticated Remote Access Trojan, Targeting Linux Routers, Emerges in Japan

In recent cybersecurity news, a new and highly sophisticated remote access trojan (RAT) called GobRAT has emerged, specifically targeting Linux routers. This Go language-based malware has been observed infecting routers in Japan, leveraging vulnerabilities and open WEBUIs to gain unauthorized access. The malware was recently identified by JPCERT/CC.

Attack Flow
GobRAT's infiltration begins with the attacker identifying routers with publicly accessible web interfaces (WEBUIs) as potential targets. Through the exploitation of vulnerabilities within the router's scripts, the attacker gains a foothold and infects the system with GobRAT. Central to this process is the Loader Script, which acts as the initial loader and performs a range of critical functions.
Figure 1. Demonstrates how the attack progresses until GobRAT successfully infects the router. (Source: JPCERT/CC)
The Loader Script is a versatile utility: it generates further scripts, downloads GobRAT, disables the firewall, creates a persistent Start Script, and executes a Daemon Script. Notably, the Loader Script incorporates a hard-coded SSH public key, potentially offering a backdoor entry point for the attacker. Persistence is achieved by registering the Start Script's file path in the crontab, ensuring GobRAT's continuous operation.
The Start Script executes GobRAT on the compromised router. A distinguishing characteristic is that the script logs the system's startup time in a file named "restart.log." To obfuscate its presence, GobRAT is executed under the guise of a legitimate process, appearing as "apached."
GobRAT supports 22 commands, dictated by instructions received from the C2 server. Tailored for router environments, the commands encompass obtaining machine information, executing reverse shells, file read/write operations, C2 reconfiguration, SOCKS5 proxy initiation, execution of files in specific directories, and even attempts to log in to services like SSH, Telnet, Redis, MySQL, and PostgreSQL running on other machines.
You can read the JPCERT/CC analysis here: https://blogs.jpcert.or.jp/en/2023/05/gobrat.html
IOCs
C2
https[:]//su.vealcat[.]com
http[:]//su.vealcat[.]com:58888
https[:]//ktlvz.dnsfailover[.]net
http[:]//ktlvz.dnsfailover[.]net:58888
su[.]vealcat[.]com
ktlvz[.]dnsfailover[.]net
wpksi[.]mefound[.]com
Hashes of Scripts (SHA-256) and Malware files (SHA-256): listed in the JPCERT/CC analysis linked above.
Enhancing Security Measures with SOCRadar
Threat actors and Advanced Persistent Threat (APT) groups use various techniques and tools to accomplish their goals. Monitoring and comprehending these adversaries’ actions is critical. It offers valuable insights into their current Tactics, Techniques, and Procedures (TTPs) that may be more important than frequently altered Indicators of Compromise (IoCs). SOCRadar notifies you about threat groups’ actions and enables you to establish use cases that more efficiently identify and thwart malicious activities.
SOCRadar Threat Actor / Malware Tracking page
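As an added defender-side example (not code from JPCERT/CC or SOCRadar), the following Python hunts a router's artefacts for the GobRAT traits described above: a start script registered in crontab, a process masquerading as "apached", DNS lookups of the listed C2 hosts, and TCP sessions to the documented C2 port 58888. All sample inputs are constructed; the crontab path, the ps column layout and the dnsmasq log format are assumptions.

```python
import re
from dataclasses import dataclass

# C2 hosts and port taken from the IOC list in the write-up (defanging removed).
GOBRAT_C2_HOSTS = {"su.vealcat.com", "ktlvz.dnsfailover.net", "wpksi.mefound.com"}
GOBRAT_C2_PORT = 58888
# Commands or binaries living under a temp or hidden directory. The page does not
# give the Start Script's real path, so this is a heuristic, not a signature.
TEMP_PATH = re.compile(r"(?:^|[\s=])(?:/tmp/|/var/tmp/|/dev/shm/|/\S*?/\.[^/\s]+/)")


@dataclass(frozen=True)
class Finding:
    kind: str      # which GobRAT trait fired
    evidence: str  # the input line that triggered it


def scan_crontab(crontab: str) -> list[Finding]:
    """Persistence: a crontab entry whose command runs from a temp/hidden path."""
    findings = []
    for raw in crontab.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # "@reboot cmd" has one schedule field; "m h dom mon dow cmd" has five.
        nfields = 1 if line.startswith("@") else 5
        parts = line.split(None, nfields)
        if len(parts) > nfields and TEMP_PATH.search(parts[nfields]):
            findings.append(Finding("crontab_persistence", line))
    return findings


def scan_processes(ps_output: str) -> list[Finding]:
    """Masquerade: GobRAT runs as "apached" (stock Apache is httpd/apache2),
    or any process whose command line points into a temp/hidden path."""
    findings = []
    for raw in ps_output.splitlines():
        parts = raw.split(None, 2)  # pid comm args, as in `ps -eo pid,comm,args`
        if len(parts) < 3:
            continue
        _pid, comm, args = parts
        if comm == "apached":
            findings.append(Finding("apached_masquerade", raw.strip()))
        elif TEMP_PATH.search(args):
            findings.append(Finding("temp_path_process", raw.strip()))
    return findings


def scan_dns_log(dns_log: str) -> list[Finding]:
    """Beaconing: a lookup of a listed C2 host (or a subdomain of one) in a
    dnsmasq-style query log, the resolver format assumed for a SOHO router."""
    findings = []
    for raw in dns_log.splitlines():
        m = re.search(r"query\[[A-Z]+\]\s+(\S+)\s+from", raw)
        if not m:
            continue
        name = m.group(1).lower().rstrip(".")
        if any(name == h or name.endswith("." + h) for h in GOBRAT_C2_HOSTS):
            findings.append(Finding("c2_dns_lookup", raw.strip()))
    return findings


def scan_connections(netstat_output: str) -> list[Finding]:
    """Beaconing: a TCP session whose remote side is the documented C2 port 58888."""
    findings = []
    for raw in netstat_output.splitlines():
        parts = raw.split()
        if len(parts) < 5 or not parts[0].startswith("tcp"):
            continue
        if parts[4].rsplit(":", 1)[-1] == str(GOBRAT_C2_PORT):  # foreign host:port
            findings.append(Finding("c2_port_connection", raw.strip()))
    return findings


def hunt(crontab: str, ps_output: str, dns_log: str, netstat_output: str) -> list[Finding]:
    """Run all four checks and return every finding, in input order."""
    return (scan_crontab(crontab) + scan_processes(ps_output)
            + scan_dns_log(dns_log) + scan_connections(netstat_output))


# Constructed sample artefacts (not from a real infection): one benign and one
# suspicious entry per source, using RFC 5737 documentation addresses.
SAMPLE_CRONTAB = """\
0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf
@reboot /tmp/.cfg/start.sh >/dev/null 2>&1
"""
SAMPLE_PS = """\
  842 httpd   /usr/sbin/httpd -k start
 1337 apached /tmp/.cfg/apached
"""
SAMPLE_DNS = """\
Jun  1 10:00:01 router dnsmasq[123]: query[A] pool.ntp.org from 127.0.0.1
Jun  1 10:00:02 router dnsmasq[123]: query[A] ktlvz.dnsfailover.net from 127.0.0.1
"""
SAMPLE_NETSTAT = """\
tcp 0 0 192.0.2.10:443 198.51.100.7:51022 ESTABLISHED 842/httpd
tcp 0 0 192.0.2.10:40111 203.0.113.9:58888 ESTABLISHED 1337/apached
"""
```

Running `hunt(SAMPLE_CRONTAB, SAMPLE_PS, SAMPLE_DNS, SAMPLE_NETSTAT)` yields one finding per trait; a single hit is a lead for triage, while the crontab plus apached combination on one device is the pattern the write-up describes.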


A New Malware Share is Detected

In a hacker forum monitored by SOCRadar, a new RAT malware share is detected for Android.

Everspy Rat - The most powerful Rat for Android (Free, unrestricted use)
Everspy 2023 is a powerful software designed for remote monitoring and control of a user's cell phone. With a comprehensive range of features, it allows the user to discreetly access and manipulate various aspects of the target device. From screen control and call recording to intercepting messages and accessing contacts, Everspy offers extensive control over the device's functionalities. Additionally, it includes advanced capabilities such as bypassing banking app security, capturing keystrokes through a keylogger, and even wiping data from the phone. Everspy operates stealthily, remaining undetectable while providing continuous updates for enhancements and fixes. It is a versatile tool for monitoring and managing targeted devices, ensuring maximum control and flexibility for various applications.
Features
1. Screen Control: Enables full control of the user's cell phone with touch interaction.
2. Ghost Mode (Available only in the Ultimate version): Displays an image on the user's device during control for discreet operation.
3. Ghost Mode Push Notification (Available only in the Ultimate version): Sends a push notification to the user's device, appearing as an Android update screen, prompting them to update while Ghost Mode is active.
4. Freeze Screen: Temporarily freezes the user's screen while maintaining control.
5. Bypass Banking App Security: Overcomes security measures in some banking applications that display a black screen to protect against remote access or screen recording.
6. PNG Exploit (No longer functional, currently unavailable): Formerly camouflaged malicious files as PNG image files, resulting in immediate device infection.
7. Automatic Permission Granting: All necessary permissions are automatically granted once Accessibility is activated.
8. Fully Undetectable APK: The malicious app installs without raising any alerts or triggering detection mechanisms.
9. Call Recording: Records all user phone calls offline.
10. Future Updates: Continuous updates and corrections are available within the Everspy folder. Simply run the Everspy Update file to download the latest enhancements and fixes.
11. Phisher: Displays fake apps, such as Gmail and Facebook, to capture user access.
12. Messages: Sends and intercepts SMS through the user's cell phone.
13. Contacts: Intercept and access contacts on the user's cell phone.
14. Camera: Accesses the front and rear cameras.
15. Wipe Data: Erases all data on the user's phone, restoring it to factory settings.
16. Edit Socket: Adds or removes TCP ports and IP addresses for server and client connections.
17. Download APK: Downloads files of various types to the user's device, excluding APK files.
18. Open a Link: Opens a specified link in the user's default browser.
19. Toaster: Displays a message on the user's screen.
20. Notifications: Intercepts notifications on the user's cell phone.
21. File Manager: Views and has full control over files on the user's device.
22. Applications: Views and opens apps on the user's device.
23. Keylogger: Captures and records the user's keystrokes, both offline and online.
24. Accounts: Views connected user accounts.
25. Call Logs: Views all outgoing and incoming calls on the user's device.
26. Info: Views device specifications and details of the user's cell phone.
27. Location: Provides precise location tracking of the user.
Disclaimer
The user assumes full and exclusive responsibility for the utilization of the everspy tool and acknowledges that any material, personal information, images, or other damages of any nature that may arise from the use of the everspy tool are solely their own responsibility. The Everspy Rat is a malicious software that requires all antivirus and firewall protections on the computer to be completely disabled before it can be used.


New RAT is Shared

In a hacker forum monitored by SOCRadar, a new RAT sharing is detected.

https://image.socradar.com/screenshots/2023/05/23/468820d5-95f5-4aac-8e62-7a070a4e8733.png

Rafel Rat + Tutorial

Rafel is a Remote Access Tool used to control victims using a WebPanel with more advanced features.
==========
Main Features:
Admin Permission
Add App To White List (Ignore Battery Optimisation)
Looks Like Legit Mod App
Runs In Background Even When App Is Closed (May not work on some devices)
Accessibility Feature (Causes errors on some devices --> ignore it)
Support Android v5 - v12
No Port Forwarding Needed
Acquire Wakelock
Fully Undetectable
Bypass PlayProtect
Wipe Sdcard
Lock Device Screen
Change Wallpaper
Ransomware
Vibrate Device
Delete Call Logs
Notify Victims Via Discord
Steal notifications (send through Discord)
Added AutoStart For (poco, xiaomi, oppo, vivo, LetV, Honor)

Building Apk With Android Studio: Open Project BlackMart in Android Studio. Put the command.php link of the server in the InternalService.class class. Now open NotificationListener.java and replace with your Discord webhook url. Build the project. Zipalign and sign the Apk...

Building Apk with ApkEasyTool: Download BlackMart apk and decompile with Apktool and navigate to smali_classes2\com\velociraptor\raptor. Open InternalService.smali. Replace this with your Panel Url: const-string v0, "https://your-webpanel-url/public/commands.php". Now open NotificationListener.smali and replace with your Discord webhook url.

Building Server: Upload files in the server folder to your hosting panel. Now open login.php. Enter Username Hande Password Ercel. Note: Make sure your webhosting site uses Https and has a valid connection... I recommend 000webhost.com. You can now use the panel to send commands and also refresh after it.

Discord: ***#*** Telegram: https://t.me/****

Download Rafel Rat
Rafel Rat Download Link


