Cyber Security News

BIG SHARK Android RAT Cracked & Leaked from Chinese Market

A significant cybersecurity threat has emerged as the BIG SHARK Android Remote Access Trojan (RAT), a cracked version of the infamous Craxs 7.6 RAT, has been leaked online. 

This development highlights the evolving risks posed by malicious actors exploiting Android devices globally.

The BIG SHARK RAT is a derivative of the Craxs RAT, a highly sophisticated malware tool initially developed for remote control of Android devices. 

Craxs RAT has been linked to cybercrime activities such as banking fraud, cryptocurrency theft, and phishing campaigns. The cracked BIG SHARK version retains many of the original features but introduces slight modifications and protections.

It reportedly takes 20-30 seconds to initialize due to its embedded security mechanisms.

BIG SHARK Android Cracked & Leaked (Source: cyberfeeddigest shared on X)

This RAT enables attackers to:

  • Gain complete administrative control over infected devices.
  • Stealthily monitor user activity through screen capture and keylogging.
  • Exploit vulnerabilities for privilege escalation.
  • Deploy additional malware or ransomware payloads.

Technical Background of Craxs RAT

The Craxs RAT family, including BIG SHARK, is typically coded in C# for its server-side operations and Java for its Android APKs. 

These tools are often protected with obfuscators such as DNGuard to evade detection by antivirus software. The cracked BIG SHARK version appears to mimic these characteristics, making it a potent threat.

The cracked BIG SHARK RAT has been shared on underground forums, with download links hosted on platforms like MediaFire and AnonymFile. These links are being circulated widely among cybercriminal communities. 

The malware is designed to infiltrate devices through malicious APK files disguised as legitimate apps, often distributed via phishing campaigns or fake websites.

Once installed, the RAT operates covertly, avoiding detection by traditional security measures. It provides attackers with capabilities such as:

  • Extracting sensitive data like login credentials and financial information.
  • Hijacking cameras and microphones for surveillance.
  • Using infected devices as proxies for further attacks.

Craxs RAT was originally developed by a threat actor known as “EVLF”; its source code was leaked in 2020, leading to numerous customized variants.

Recent reports suggest that Craxs RAT has been actively marketed on Chinese underground forums since its original developer sold their distribution channel in 2023. This shift has likely facilitated the emergence of variants like BIG SHARK.

Organizations should educate employees about phishing risks, implement robust endpoint protection solutions, and regularly update Android devices to patch vulnerabilities.
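
One way to act on the endpoint-protection advice above is to triage sideloaded APKs against the capability groups this article lists. The following Python code is an added example, not code from the article or from any vendor. It reads a decoded AndroidManifest.xml (for instance, one produced by apktool); the capability-to-permission mapping, the review threshold of three, and both sample manifests are constructed assumptions.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Assumed mapping (not from the article): capability group -> manifest markers.
CAPABILITY_MARKERS = {
    "keylogging / screen reading": {"android.permission.BIND_ACCESSIBILITY_SERVICE"},
    "camera surveillance": {"android.permission.CAMERA"},
    "microphone surveillance": {"android.permission.RECORD_AUDIO"},
    "additional payload install": {"android.permission.REQUEST_INSTALL_PACKAGES"},
    "SMS / OTP access": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
}

def manifest_markers(manifest_xml):
    """Collect requested permissions and permissions guarding services/receivers."""
    markers = set()
    for el in ET.fromstring(manifest_xml).iter():
        if el.tag in ("uses-permission", "uses-permission-sdk-23"):
            markers.add(el.get(A + "name"))
        elif el.tag in ("service", "receiver"):
            # An accessibility service is declared via android:permission on <service>.
            markers.add(el.get(A + "permission"))
    markers.discard(None)
    return markers

def triage(manifest_xml, threshold=3):
    """Flag for manual review when several distinct capability groups co-occur."""
    markers = manifest_markers(manifest_xml)
    hits = sorted(c for c, perms in CAPABILITY_MARKERS.items() if perms & markers)
    return {"capabilities": hits, "review": len(hits) >= threshold}

# Constructed sample manifests (not taken from any real app or malware sample).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".Helper" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.camera">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, triage(xml))
```

A flagged manifest is a prompt for manual review, not a verdict: legitimate apps can request several of these permissions, which is why the check counts distinct capability groups rather than single permissions.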

The emergence of BIG SHARK underscores the persistent evolution of Android-targeted malware and the urgent need for vigilance in the face of these threats.


Kaaviya

Kaaviya is a Security Editor and fellow reporter with Cyber Security News. She covers various cyber security incidents happening in cyberspace.
