A new Trojan for Android bypasses antivirus software and locks smartphones.

      The Department for the Organization of the Fight Against the Illegal Use of Information and Communication Technologies (UBK) of the Ministry of Internal Affairs of Russia has identified a new threat for Android devices — the malicious software Drama RAT. This is not just a virus, but a remote control tool that steals data, gains access to banking applications, and can completely lock the owner's device.

      The main technical feature of Drama RAT is its ability to remain undetected during classic checks. Inside the APK is an encrypted library that is unpacked only in RAM. This means that static analysis of the file does not reveal the threat: as long as the malware is inactive, it is simply invisible.
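A triage sketch for the packaging described above, added here as an example; it is not taken from the UBK analysis or from Drama RAT itself. An encrypted library cannot be read statically, but an APK entry with near-random entropy and no recognisable file header can still be flagged for dynamic analysis. The threshold, the magic-byte list and the sample entry names are assumptions.

```python
import hashlib
import io
import math
import zipfile
from collections import Counter

# Headers of formats that are legitimately binary or dense inside an APK.
KNOWN_MAGIC = (b"\x7fELF", b"dex\n", b"\x89PNG", b"\xff\xd8\xff", b"PK\x03\x04", b"\x1f\x8b")
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off for "looks encrypted"
MIN_SIZE = 4096          # small files give unreliable entropy estimates


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def opaque_entries(apk) -> list:
    """Return (name, entropy) for high-entropy entries that match no known header."""
    flagged = []
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size < MIN_SIZE:
                continue
            data = zf.read(info)  # decompressed bytes, so deflate does not skew the result
            entropy = shannon_entropy(data)
            if entropy >= ENTROPY_THRESHOLD and not data.startswith(KNOWN_MAGIC):
                flagged.append((info.filename, round(entropy, 2)))
    return flagged


def build_sample_apk() -> io.BytesIO:
    """Constructed sample archive; entry names and contents are invented."""
    noise = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 8192)
        zf.writestr("lib/arm64-v8a/libnative.so", b"\x7fELF" + b"\x00\x01\x02\x03" * 2048)
        zf.writestr("res/drawable/icon.png", b"\x89PNG\r\n\x1a\n" + noise)
        zf.writestr("assets/payload.bin", noise)  # stands in for an encrypted library
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(opaque_entries(build_sample_apk()))
```

A hit is a reason to run the sample in an instrumented sandbox, not a verdict: legitimate apps also ship encrypted or unusual compressed assets.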

      Distribution occurs through typical channels for such attacks: messengers, SMS, and email. To persuade the victim to voluntarily install the application, attackers use popular bait. In the mailings, they promise free access to ChatGPT or "Yandex.Music," a new VPN, or mods for Minecraft. Additionally, there are files with business-like names: "Declaration" and "Invoice."

      After installation, the user is asked to allow updates. Under this pretext, the main malicious component is downloaded in the background. The next step is a request for access to the Android Accessibility Service. As soon as the smartphone owner clicks "OK," the Trojan gains the ability to read the screen, intercept passwords, and simulate touches. The program then demands that a PIN code be set; this code allows the attacker to lock the owner out of the smartphone.

      The way Drama RAT communicates with the attackers' server makes defense harder still. It uses mutual authentication: the server checks a unique client certificate embedded in the library. According to UBK, intercepting such traffic with standard tools is extremely difficult.

      Detailed analytics and specific recommendations for protection can be found on the official website of the Ministry of Internal Affairs of Russia for the Kirov region.


Malware called Drama RAT leaves no traces on the disk, resides in RAM, and uses the "Accessibility Service" to steal data. The Main Directorate for Combating Extremism of the Ministry of Internal Affairs of Russia warns: the Trojan spreads through messengers, email, and SMS under the guise of ChatGPT, "Yandex.Music," or files named "Declaration" and "Invoice."