accessibility permissions to untrusted applications.
Security researchers, including threat intelligence analysts at Cyfirma, have traced the origins of the developer behind CypherRAT to Syria, where the threat actor has allegedly been active for nearly a decade. Operating in the shadows, EVLF transformed malware development into a profitable business, generating an estimated $75,000 by selling these highly capable remote access tools. cypher rat evlf exclusive
EVLF’s tools are spread through various social engineering techniques and malicious campaigns designed to trick users into installing them. Common methods include: accessibility permissions to untrusted applications
Attackers can remotely activate the camera and microphone to take photos, record audio, or track the device's real-time geographic location. including threat intelligence analysts at Cyfirma