Craxs RAT

Real-time GPS tracking and the ability to record ambient audio via the device’s microphone, turning the phone into a covert listening device.

A developer operating out of Syria under the pseudonym "EVLF" weaponized the leaked source code, adding highly stealthy payload features, custom obfuscation tools, and an intuitive Command and Control (C2) control panel.

Craxs RAT (Remote Access Trojan) is a sophisticated and highly malicious software tool designed to give an attacker unauthorized remote control over a victim’s computer or mobile device. It belongs to the family of Remote Access Trojans (RATs) but is particularly notable for its advanced evasion techniques and broad range of spying capabilities.

First documented in November 2024, G700 RAT represents the next generation of the Craxs RAT family. Developed in C# and Java, it exploits mobile app security gaps, intercepts SMS messages, abuses Android permissions, and hijacks cryptocurrency transactions. The variant uses Base64 encoding and APK encryption to evade detection.

This article provides a comprehensive analysis of Craxs RAT, covering its origins, technical capabilities, distribution methods, real‑world attacks, detection challenges, and the steps you can take to protect yourself.

Once Craxs RAT is installed and the victim grants accessibility permissions, the attacker gains a long list of remote control capabilities:

The "RAT" designation is fitting—cybersecurity experts note that the term's double meaning as "remote access trojan" and the English word for "rat" mirrors how the malware operates: burrowing deep into a system, stealing data in silence, and evading capture.

Craxs RAT is considered exceptionally dangerous due to its extensive suite of invasive features. The builder allows attackers to customize the malware with specific modules:

, allowing hackers to bypass two-factor authentication (2FA) for banking apps.

Evasion & Persistence: Craxs RAT can disable Google Play Protect

is a rebranded version of Craxs RAT being distributed through the Odysee video platform and Telegram channels. It adds banking phishing overlays, crypto wallet credential theft, Telegram bot exfiltration, remote shell execution, and even ransomware components.