The SurxRAT Android remote-access trojan represents an evolving mobile threat that leverages downloaded large language model modules to automate malicious tasks, including generating tailored phishing content and autonomously interacting with device apps to steal data. This integration of AI with traditional RAT capabilities enhances evasion and requires a shift towards behavior-based detection and strict application controls. The article does not provide a CVSS score, specific affected versions, a fixed version, or a direct workaround.
A recent analysis reveals that SurxRAT , a new Android remote-access trojan, can download and run large language model (LLM) modules from third-party repositories to automate malicious tasks on infected devices. By integrating AI modules, SurxRAT can generate realistic phishing content, tailor social-engineering prompts, and interact autonomously with on-device apps and user interfaces to exfiltrate credentials or sensitive data. This evolution demonstrates how mobile threats are increasingly combining advanced automation with traditional RAT capabilities, raising the bar for evasion and persistence. With smartphones at the center of personal and business access, the report highlights the need for behavior-based threat detection and strict app controls.