A new Android Trojan called Radzarat is deceiving users by posing as legitimate PDF-conversion apps on the Google Play Store. Once installed, it works silently in the background to steal sensitive data and sign users up for costly premium services.
Radzarat first registers a device with its control server to receive future commands. Then it hides its app icon, making it invisible in the app launcher so that victims don’t realize it’s active on their phones.
The Trojan continuously runs a background service that harvests personal information such as the IMEI number, SIM card details, device model, and mobile number, and sends this data to the attacker-controlled server.
Next, Radzarat tries to trick the user into granting Accessibility Service rights. These permissions allow the malware to monitor screen content and simulate touches, enabling it to navigate through the phone automatically.
After getting accessibility access, Radzarat listens for prompts from specific target apps (like banking or payment apps). When a target app is launched, the Trojan overlays a fake screen asking users to sign up for “premium” versions or enter sensitive financial details — effectively leading to fraud.
Radzarat's developers deployed it in a way that makes it hard to detect or uninstall. By disabling the app icon and using root-level rights, it stays persistent even after a reboot, and it tries not to raise alarms on the device.
Security firms warn that this Trojan is particularly dangerous because of its silent mode of operation and its capacity to hide in plain sight. Users are strongly advised to:
- Avoid installing unfamiliar PDF or document-conversion apps
- Check their app list in settings if they suspect something malicious
- Avoid granting accessibility permissions to apps that don’t need them
- Use a reputable mobile security solution that can detect and remove advanced malware
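
The two behaviours described above, a hidden launcher icon and an enabled Accessibility Service, can be checked from a computer over adb. The script below is an added example, not code from the article or from any security vendor; it parses the text output of the three adb commands named in its comments, and the package names and sample output are constructed for illustration.

```python
# Inputs are the text output of these commands (device with USB debugging on):
#   adb shell pm list packages -3
#   adb shell settings get secure enabled_accessibility_services
#   adb shell cmd package query-activities --brief -a android.intent.action.MAIN -c android.intent.category.LAUNCHER

def third_party_packages(pm_output):
    """Parse 'package:<name>' lines into a set of package names."""
    return {line.split(":", 1)[1].strip()
            for line in pm_output.splitlines() if line.startswith("package:")}

def accessibility_packages(setting_value):
    """Parse the colon-separated 'pkg/service' component list."""
    value = setting_value.strip()
    if value in ("", "null"):          # 'null' means no service is enabled
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if "/" in comp}

def launcher_packages(query_output):
    """Collect packages that expose a launcher activity ('pkg/activity' lines)."""
    pkgs = set()
    for line in query_output.splitlines():
        token = line.strip()
        # Skip the 'priority=... match=...' header lines; keep component names.
        if "/" in token and " " not in token and "=" not in token:
            pkgs.add(token.split("/", 1)[0])
    return pkgs

def triage(pm_output, a11y_value, query_output):
    """Return {package: [findings]} for user-installed apps worth reviewing."""
    a11y = accessibility_packages(a11y_value)
    visible = launcher_packages(query_output)
    report = {}
    for pkg in sorted(third_party_packages(pm_output)):
        findings = []
        if pkg in a11y:
            findings.append("accessibility service enabled")
        if pkg not in visible:
            findings.append("no launcher icon")
        if findings:
            report[pkg] = findings
    return report

# Constructed sample data (hypothetical package names, not from the article).
SAMPLE_PM = "package:com.example.notes\npackage:com.example.pdfconvert\n"
SAMPLE_A11Y = "com.example.pdfconvert/.core.AssistService"
SAMPLE_QUERY = ("priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=false\n"
                "  com.example.notes/.MainActivity\n")

if __name__ == "__main__":
    print(triage(SAMPLE_PM, SAMPLE_A11Y, SAMPLE_QUERY))
```

A hit is a prompt for review, not a verdict: keyboards, widgets and other legitimate apps may have no launcher icon, and screen readers legitimately use accessibility services. An app showing both findings that the user does not recognise deserves the closest look.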