Because the builder creates heavily obfuscated packages, it is difficult for standard antivirus software to detect the malware.
This public link is valid for 7 days and shares a thread, including any personal information you added. This link or copies made by others cannot be deleted. If you share with third parties, their policies apply. Can’t copy the link right now. Try again later.
: The primary function of Cypher RAT EVLF is to provide the attacker with complete control over the infected device. This includes accessing files, capturing screenshots, recording keystrokes, and even using the device's webcam and microphone for surveillance.
Threat actors who purchase CypherRAT use a "builder" tool to create custom, highly obfuscated APK files that can bypass initial security scans. EVLF DEV-The Creator of CypherRAT and CraxsRAT - cyfirma
The developer, , managed this operation like a legitimate software business out of Syria. Instead of launching attacks directly, EVLF operated an online surface web store and a Telegram channel with over 10,000 subscribers to sell the software.
The enhanced evasion techniques of EVLF pose a challenge for traditional signature-based detection systems, necessitating more advanced, behavior-based security solutions.
The Cypher RAT EVLF Exclusive poses a significant threat to organizations and individuals due to its ability to:
: Craxs RAT v7 is the current "flagship" of EVLF’s portfolio, offering even more advanced obfuscation and multi-language support (English, Arabic, Turkish, Chinese).
Cypher RAT (Cypher/EVLF) — Overview Cypher is a modular remote access trojan (RAT) observed targeting Windows systems. It provides attackers with persistent, stealthy remote control and a wide range of post-compromise capabilities, including command execution, file transfer, keylogging, screen capture, credential theft, and remote shell access. Operators typically deploy Cypher via social engineering, malicious documents (macro-enabled Office files), or bundled installers that exploit user trust and delivery chains.
Find related to this type of malware.