![Pixel 9a launch is back on track [UPDATED]](https://m-cdn.phonearena.com/images/article/168989-two/Pixel-9a-launch-is-back-on-track-UPDATED.jpg?#){kind=tracking}
![Apple's M5 iPad Pro Enters Advanced Testing for 2025 Launch [Gurman]](https://www.iclarified.com/images/news/96865/96865/96865-640.jpg)
![M5 MacBook Pro Set for Late 2025, Major Redesign Waits Until 2026 [Gurman]](https://www.iclarified.com/images/news/96868/96868/96868-640.jpg)
![Apple to Revamp Health App with AI-Powered Doctor [Gurman]](https://www.iclarified.com/images/news/96870/96870/96870-640.jpg)
![What Google Messages features are rolling out [March 2025]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2023/12/google-messages-name-cover.png?resize=1200%2C628&quality=82&strip=all&ssl=1)
![[The AI Show Episode 141]: Road to AGI (and Beyond) #1 — The AI Timeline is Accelerating](https://www.marketingaiinstitute.com/hubfs/ep%20141.1.png)
![[The AI Show Episode 140]: New AGI Warnings, OpenAI Suggests Government Policy, Sam Altman Teases Creative Writing Model, Claude Web Search & Apple’s AI Woes](https://www.marketingaiinstitute.com/hubfs/ep%20140%20cover.png)
![[The AI Show Episode 139]: The Government Knows AGI Is Coming, Superintelligence Strategy, OpenAI’s $20,000 Per Month Agents & Top 100 Gen AI Apps](https://www.marketingaiinstitute.com/hubfs/ep%20139%20cover-2.png)
![Charging clients to use an open source software and proprietary modules [closed]](https://cdn.sstatic.net/Sites/softwareengineering/Img/apple-touch-icon@2.png?v=1ef7363febba)
![From broke musician to working dev. How college drop-out Ryan Furrer taught himself to code [Podcast #166]](https://cdn.hashnode.com/res/hashnode/image/upload/v1743189826063/2080cde4-6fc0-46fb-b98d-b3d59841e8c4.png?#)
![[FREE EBOOKS] The Ultimate Linux Shell Scripting Guide, Artificial Intelligence for Cybersecurity & Four More Best Selling Titles](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
OSAMU-NAKAMURA.jpg?width=1920&height=1920&fit=bounds&quality=80&format=jpg&auto=webp#)
.png?#)
An old Android RAT has returned with some new tricks - here is what to look out for
They say you can't teach an old dog new tricks, but this old RAT is back and more dangerous than ever.
- Sophos researchers found a new variant of PJobRAT
- Android RAT now targets Taiwanese users
- The RAT can run shell commands and exfiltrate data
PJobRAT, an Android Remote Access Trojan (RAT) which disappeared roughly six years ago, has made a rather quiet comeback, targeting users with some arguably more dangerous functionalities.
Cybersecurity researchers from Sophos’ X-Ops security team discovered new samples in the wild, noting the 2019 PJobRAT could steal SMS messages, phone contacts, device and app information, documents, and media files, from infected Android devices.
The new variant can also run shell commands: “This vastly increases the capabilities of the malware, allowing the threat actor much greater control over the victims’ mobile devices,” Sophos explains. “It may allow them to steal data – including WhatsApp data – from any app on the device, root the device itself, use the victim’s device to target and penetrate other systems on the network, and even silently remove the malware once their objectives have been completed.”
Monitor your credit score with TransUnion starting at $29.95/month
TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnion’s advanced risk assessment tools.
Preferred partner (What does this mean?)View Deal
Inactive campaign
The 2019 variant was mostly targeting Indian military personnel, by spoofing different dating and instant messaging apps.
The new variant seems to have ditched the dating angle, and focuses exclusively on being an instant messaging app.
In fact, Sophos says that the apps actually work, and that the victims, if they knew each other’s IDs, could even communicate to one another.
Speaking of the victims, the attackers no longer target Indians, and have instead switched to the Taiwanese.
Some of the apps found in the wild are called ‘SangaalLite’ (possibly a typosquatted version of ‘SignalLite’, an app used in the 2021 campaigns) and CChat (spoofing a legitimate app of the same name).
The apps were being distributed through WordPress sites, Sophos said, suggesting that they cannot be found on popular app stores. The sites have since been shut down, meaning that the campaign is probably completed, but the researchers reported them to WordPress anyway.
“This campaign was therefore running for at least 22 months, and perhaps for as long as two and a half years,” it was sad. However, it doesn’t seem to have been a large, or successful campaign, since the general public wasn’t the target.
You might also like
- Devious new Android malware uses a Microsoft tool to avoid being spotted
- We've rounded up the best password managers
- Take a look at our guide to the best authenticator app
