Kraken V2 emerged as an evolution of the Kraken V1 malware; the newer version includes enhanced obfuscation, anti-analysis techniques, and banking fraud capabilities. It primarily targets online banking apps, cryptocurrency wallets, and payment services such as PayPal and Google Pay, worldwide.
Key Features of Kraken V2 Android Banking RAT
1. Remote Device Control
Live Screen Viewing – Attackers can see the victim’s screen in real time.
Keylogging – Records keystrokes to steal passwords and PINs.
File Management – Downloads, uploads, or deletes files remotely.
2. Banking Fraud & Credential Theft
Overlay Attacks – Displays fake login screens on top of legitimate banking apps.
SMS Interception – Captures OTPs (One-Time Passwords) for 2FA bypass.
Auto-Fill Abuse – Steals saved credentials from password managers.
3. Persistence & Evasion Techniques
Disguised as Legitimate Apps – Often hidden inside cracked APKs, fake updates, or pirated apps.
Anti-Emulation Checks – Detects if running in a sandbox (e.g., Android Virtual Device).
Rooting Exploits – Gains admin access for deeper infection.
4. Data Exfiltration & Spyware Capabilities
Contacts & Call Logs – Harvests personal data for phishing attacks.
GPS Tracking – Monitors victim’s location.
Microphone & Camera Access – Secretly records audio/video.
5. C2 (Command & Control) Communication
Encrypted C2 Servers – Uses HTTPS/Tor to avoid detection.
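
For defenders triaging a suspicious APK, the capability groups listed above can be checked against what the app declares in its manifest. The following is an added example, not code from the original page or from any Kraken V2 sample: it assumes a manifest already decoded to text XML (for instance by apktool), and the capability-to-permission mapping, the function names and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET
ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping: capability groups from the list above -> standard Android
# permissions such a feature normally needs. Not taken from a Kraken V2 sample.
CAPABILITIES = {
    "overlay": {P + "SYSTEM_ALERT_WINDOW"},
    "sms_interception": {P + "RECEIVE_SMS", P + "READ_SMS"},
    "input_capture": {P + "BIND_ACCESSIBILITY_SERVICE"},
    "contacts_call_logs": {P + "READ_CONTACTS", P + "READ_CALL_LOG"},
    "location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "mic_camera": {P + "RECORD_AUDIO", P + "CAMERA"},
}

def declared_permissions(manifest_xml):
    """Collect <uses-permission> names plus permissions guarding services."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for el in root.iter("uses-permission"):
        names.add(el.get(ANDROID + "name"))
    for svc in root.iter("service"):  # accessibility is bound via a service
        names.add(svc.get(ANDROID + "permission"))
    names.discard(None)
    return names

def triage(manifest_xml):
    """Return the capability groups present, and whether to escalate."""
    perms = declared_permissions(manifest_xml)
    hits = sorted(c for c, need in CAPABILITIES.items() if perms & need)
    # Overlay plus SMS access together is the credential/OTP theft pairing.
    escalate = {"overlay", "sms_interception"} <= set(hits) or len(hits) >= 4
    return hits, escalate

# Constructed sample manifests (not from a real app).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.update">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application><service android:name=".Svc" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/></application>
</manifest>"""
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.camera">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""

if __name__ == "__main__":
    print("suspect:", triage(SUSPECT), "benign:", triage(BENIGN))
```

A permission match is a triage signal rather than a verdict, since legitimate apps request many of these individually. When the manifest comes from an untrusted APK, parse it with a hardened XML parser such as defusedxml.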