Security Research

Easy guides to understand Android malware and keep your phone safe.

Malware Profile · Dec 26, 2025

CraxsRat Architecture: Technical Analysis of Android Spyware

Technical documentation of the CraxsRat Remote Access Trojan (RAT), detailing its command and control structure, permission abuse, and infection vectors.

CraxsRat is a Remote Access Trojan (RAT) that gives hackers full control over Android devices.
It is often hidden inside 'Modded' apps like WhatsApp Plus or Spotify Premium.

Defense Strategy · Dec 25, 2025

Hardening Android Devices Against RATs: A Comprehensive Defense Guide

A defensive framework for protecting Android endpoints from modern remote access threats, focusing on attack surface reduction and permission auditing.

Use a 6-digit PIN and biometrics; avoid pattern locks, which are easy to spy on.
Install 'Google Play System Updates' separately from regular OS updates.

Malware Analysis · Dec 24, 2025

Technical Analysis: How CraxsRat V7.4 Evades Google Play Protect

In-depth technical analysis of the obfuscation, anti-emulator, and dynamic loading techniques used by the latest CraxsRat variant.

CraxsRat V7.4 uses 'Dynamic Loading' to download its malicious payload only AFTER installation.
It employs 'XOR Encoding' to hide strings and variables from antivirus scanners.

Vulnerability Research · Dec 22, 2025

Permission Abuse in Android: The Accessibility Service Vector

A technical overview of how malware exploits Android's Accessibility API for privilege escalation, and how to audit your permission settings.

Accessibility Service is the #1 vector used by modern Android malware for total takeover.
It allows apps to read your screen, 2FA codes, and password inputs.

Digital Forensics · Dec 20, 2025

Digital Forensics: 5 Indicators of Remote Compromise

A guide to identifying subtle forensic artifacts of active spyware infection, including network anomalies, battery heuristics, and input injection.

Ghost Touches: Notification bars moving on their own is a sign of VNC (Remote Control).
Hot Phone: If your phone is hot while idle, spyware might be mining or uploading data.

Research Methodology · Jan 2, 2026

Malware Lab Setup: Safe Analysis of Android RATs

Best practices for setting up a safe malware analysis environment, exploring static analysis with JADX and isolated sandbox execution.

99% of 'CraxsRat Download' links are fake and will infect YOUR computer.
Never run RAT samples on a personal phone; they can spread to your Wi-Fi network.

Malware Analysis · Mar 24, 2026

CraxsRAT and BT Mob RAT: The Android Spyware Built by the Same Hacker

Comprehensive analysis of CraxsRAT and BT Mob RAT Android spyware families developed by EVLF, including infection methods, capabilities, real-world campaigns, and protection strategies.

CraxsRAT and BT Mob RAT are Android spyware families developed by the same hacker known as EVLF.
Both RATs abuse Android Accessibility Services to gain full device control silently.