SurxRAT Distributes Commercial Android Malware Platform

Researchers at Cyble Research and Intelligence Labs report that SurxRAT, a commercial Android RAT sold as malware-as-a-service (MaaS) via Telegram, has produced over 180 samples and claims 1,300 registered users. The SURXRAT V5 platform uses Firebase C2, offers reseller and partner licensing tiers, abuses Android Accessibility Services, and conditionally downloads a >23GB LLM module, signaling evolving automated-threat capabilities.
Key Points
- Identifies SurxRAT commercial MaaS selling customizable Android RATs with surveillance and ransomware modules.
- Highlights affiliate licensing model and Telegram marketing, indicating rapid criminal ecosystem growth (1,300 users).
- Warns practitioners to monitor Firebase C2, accessibility abuse, and AI LLM modules exceeding 23GB.
Scoring Rationale
High relevance and a novel LLM-equipped MaaS increase threat significance, tempered by single-source reporting and evolving functionality.