The Mastermind Behind CypherRAT and CraxsRAT


Published on Aug 23, 2023


The research division at CYFIRMA has identified a new Malware-as-a-Service (MaaS) operator working under the alias EVLF DEV. This threat actor is the developer behind CypherRAT and CraxsRAT. Over the past three years, more than 100 unique threat actors have acquired these Remote Access Trojans (RATs), each obtaining a lifetime license. The RATs let an attacker execute commands remotely in real time and take control of functions on the victim's device such as the camera, geographical location, and microphone. The research report that follows analyzes the MaaS operator and the malware they have developed, covering the underlying mechanisms and potential countermeasures to mitigate such threats.
