CraxsRAT, an Android trojan, has been targeting Russian and Belarusian users since summer 2024. It masquerades as legitimate apps like government services, antivirus software, and telecom operators. The malware spreads through social engineering tactics, prompting users to download malicious APK files via messaging apps. CraxsRAT has extensive capabilities, including remote device control, data exfiltration, call and SMS interception, keylogging, and camera/microphone access. It uses various techniques to evade detection and removal. The trojan is believed to be used by both financially motivated groups and those engaged in cyber espionage. Over 140 unique samples have been identified, with the threat continuing to evolve and adapt to maintain its effectiveness.