The threat is EagleSpy V6.0, a rebranded CraxsRAT Android Remote Access Trojan distributed via Odysee and Telegram, which employs DEX packers for evasion. It provides attackers with extensive capabilities including banking phishing overlays, credential theft, remote shell execution, keylogging, and ransomware components, and it contains hidden update mechanisms that could also compromise its operators. The article serves as a cybersecurity awareness warning; no specific CVSS score, affected software versions, patches, or workarounds are provided for the malicious tool itself.
I recently investigated an individual operating through Odysee and Telegram who is selling a malicious Android RAT known as EagleSpy V6.0, which appears to be a rebranded version of CraxsRAT. During the investigation: \- I was financially scammed after payment \- The seller blocked communication afterward \- The malware infrastructure was analyzed in detail Technical analysis confirmed: \- Banking phishing overlays \- Crypto wallet credential theft \- Telegram bot exfiltration \- Remote shell execution \- Keylogging \- Camera/microphone access \- GPS tracking \- Ransomware components \- DEX packers for AV evasion \- Hidden update/backdoor mechanisms The repository also contained evidence of real victim infrastructure and compromised device information. The malware appears capable of targeting not only victims, but potentially even buyers/operators through embedded update systems and hidden control mechanisms. Relevant reports have already been submitted to platform abuse teams. Odysee channel involved: https://odysee.com/@justicerat:e Telegram: @JustIcedevs This post is intended purely as a cybersecurity awareness warning to help prevent additional victims. If moderators require technical validation or indicators of compromise, I can provide structured analysis details privately. submitted by /u/CranberryOk2634 [link] [comments]