Home News Radzarat Trojan Masquerades as PDF Converter on Android
News

Radzarat Trojan Masquerades as PDF Converter on Android

194
ZeroDayRAT spyware sold on Telegram enables real-time mobile surveillance, data theft, and financial fraud across Android and iOS devices.

A new Android Trojan called Radzarat is deceiving users by posing as legitimate PDF-conversion apps on the Google Play Store. Once installed, it works silently in the background to steal sensitive data and sign users up for costly premium services.

Radzarat first registers a device with its control server to receive future commands. Then it hides its app icon, making it invisible in the app launcher so that victims don’t realize it’s active on their phones.

The Trojan continuously runs a background service that harvests personal information such as IMEI number, SIM card details, device model, and mobile number. It also sends this data to the attacker-controlled server.

Next, Radzarat tries to trick the user into granting Accessibility Service rights. These permissions allow the malware to monitor screen content and simulate touches, enabling it to navigate through the phone automatically.

After getting accessibility access, Radzarat listens for prompts from specific target apps (like banking or payment apps). When a target app is launched, the Trojan overlays a fake screen asking users to sign up for “premium” versions or enter sensitive financial details — effectively leading to fraud.

Developers deployed Radzarat in such a way that it’s hard to detect or uninstall. By disabling the app icon and using root-level rights, it stays persistent even after a reboot, and it tries not to raise alarms on the device.

Security firms warn that this Trojan is particularly dangerous because of its silent mode of operation and its capacity to hide in plain sight. Users are strongly advised to:

  • Avoid installing unfamiliar PDF or document-conversion apps
  • Check their app list in settings if they suspect something malicious
  • Avoid granting accessibility permissions to apps that don’t need them
  • Use a reputable mobile security solution that can detect and remove advanced malware

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Articles

NewsSecurity

Telegram’s t.me Domain Goes Offline Worldwide After Registry Imposes ServerHold

Telegram’s t.me Links Go Offline After Domain Registry Places Hold on Address...

NewsSecurity

Critical U-Boot Flaws Could Let Hackers Install Stealthy Firmware Malware

New U-Boot Bootloader Flaws Could Enable Stealthy Firmware-Level Attacks Security researchers have...

NewsSecurity

Exposed Hacker Server Reveals Massive Campaign Compromising 25,000 WordPress Websites

Exposed Server Reveals 25,000 Hacked WordPress Websites in Large Cybercrime Campaign A...

NewsSecurity

Hidden Tenda Router Backdoor Gives Hackers Full Administrator Access

Hidden Backdoor in Tenda Router Firmware Allows Attackers to Gain Admin Access...