In-depth analysis of Darkshades: a RAT infecting Android devices

Published by Avira

‘Darkshades’ is a RAT (Remote Access Trojan) that targets Android devices. It enables criminals to steal contacts, track location accurately, exfiltrate live SMS/MMS, grab card credentials, capture screenshots, encrypt files and initiate DDoS attacks. Unlike other RAT families that are spread through Google Play apps or third-party tools, this family of RATs does not have a stable infection strategy. Consequently, despite extensive functionality, Darkshades has kept a low profile: on Twitter it has been mentioned twice since 2017, and by the end of 2019 only two samples had been identified in the wild. Despite this, Avira found a sample in March 2020. In this blog, Bogdan Anghelache, threat researcher of the Android Detection Team at Avira, takes a deep dive into recent Darkshades samples and analyzes how they infect Android devices.
