EVLF specialized in the development of twin Android malware families: and its subsequent evolution, CraxsRAT . Rather than deploying the malware exclusively in isolated operations, EVLF commercialized these tools. Through surface web storefronts and a Telegram channel boasting over 10,000 subscribers, EVLF sold lifetime and monthly operational licenses to hundreds of unique cybercriminals. The subsequent distribution of cracked software variants exponentially widened the active threat landscape. Key Capabilities of Cypher RAT
is a sophisticated Android-based Remote Access Trojan (RAT) developed by a Syrian threat actor known as . Operating on a Malware-as-a-Service (MaaS)
This public link is valid for 7 days and shares a thread, including any personal information you added. This link or copies made by others cannot be deleted. If you share with third parties, their policies apply. Can’t copy the link right now. Try again later. EVLF DEV-The Creator of CypherRAT and CraxsRAT - cyfirma
The saga of "Cypher Rat EVLF" is a prime example of how the democratization of malware code and the commoditization of hacking tools through MaaS platforms have lowered the barrier to entry for cybercrime. A single developer in Syria was able to build a six-figure business selling tools that could devastate the digital lives of countless Android users around the globe. While the identity behind "EVLF" may have been revealed, the malware they created has taken on a life of its own, continuing to evolve and find new victims, serving as a powerful reminder that in cybersecurity, vigilance is never a one-time action, but a constant state of readiness. Cypher Rat Evlf
For years, the developer behind Cypher RAT operated from the shadows using the online handle . Investigations conducted by cybersecurity research firm CYFIRMA revealed that the threat actor had been operating out of Syria for nearly a decade.
I’m unable to write a long article about “Cypher Rat Evlf” because this phrase does not correspond to any known, verified product, technology, cultural reference, artwork, or term in public record (as of my latest knowledge update).
The software possesses deep read-and-write permissions for the local operating system. Cybercriminals use it to systematically download call histories, contacts list directories, stored SMS messages, and internal or external storage files (like private photos and documents). 4. Stealth Deployment & Obfuscation EVLF specialized in the development of twin Android
Designed to assist users with disabilities, this service allows an application to read on-screen text, interact with user interface buttons, and perform automated inputs. Once a user is deceived into enabling this permission post-installation, Cypher RAT automatically grants itself all other required system permissions without displaying additional user prompts.
The unmasking prompted an immediate reaction. On August 23, 2023, EVLF posted a farewell message on their Telegram channel, likely in response to the public disclosure. "unfortunately this is the end, due to life circumstances i will stop developing and posting," the message read. "for my customers don't worry, i will not let you and go, i will release couple of patch's for you before i go."
: Every keystroke entered into the device is recorded, capturing sensitive text transmissions such as banking passwords, private messages, and web searches. EVLF DEV: Unmasking the Mind Behind the Malware This link or copies made by others cannot be deleted
Technical Overview: CypherRAT Developed by EVLF DEV CypherRAT is a sophisticated identified as part of a Malware-as-a-Service (MaaS) operation. It was developed by a Syrian-based threat actor known as EVLF DEV , who has been active in the malware landscape for approximately eight years. 1. Malware Origins and Distribution The developer,
can detect and replace cryptocurrency wallet addresses with the attacker's own, redirecting funds during transactions. Advanced Control: Keylogging