The Rise of RatOn: From NFC heists to remote control and ATS

216.73.216.6

The Rise of RatOn: From NFC heists to remote control and ATS

· Published 09/09/2025 21:06 · Modified 09/09/2025 22:06

Essential information

Published: 09/09/2025 21:06
Modified: 09/09/2025 22:06
Tags: 2025-09-09 android ats banking trojan cryptocurrency nfc relay nfskate overlay attacks rat raton
Related entities: 23 observables, 1 intrusion sets (apt), 3 techniques (mitre), 2 others

Description

A new Android banking trojan named RatOn has emerged, combining NFC relay attacks with remote access and automated transfer capabilities. Discovered by analysts monitoring the NFSkate threat group, RatOn targets cryptocurrency wallets and banking applications, particularly in the Czech Republic and Slovakia. The malware is distributed through adult-themed websites and employs a multi-stage infection process. RatOn features overlay attacks, automated money transfers, and cryptocurrency wallet takeovers. It demonstrates sophisticated capabilities, including screen casting, PIN interception, and extensive bot commands. The trojan's evolution from a basic NFC relay tool to a complex RAT with ATS functionality makes it a significant threat in the mobile malware landscape.