New Android RAT uses Near Field Communication to automatically steal money from devices – TechRadar


Published on: 2025-09-10

Intelligence Report: New Android RAT uses Near Field Communication to automatically steal money from devices – TechRadar

1. BLUF (Bottom Line Up Front)

The most supported hypothesis is that the Raton malware represents a significant evolution in Android-based financial threats, leveraging NFC technology to automate unauthorized transactions. Confidence level: High. Recommended action: Enhance cybersecurity measures for mobile banking applications and educate users on recognizing and avoiding malicious apps.

2. Competing Hypotheses

Hypothesis 1: Raton is a highly sophisticated malware specifically designed to exploit NFC technology for financial theft, indicating a new trend in mobile cyber threats.
Hypothesis 2: Raton’s discovery is an isolated incident, and its impact is limited due to its current geographical focus and distribution method through a fake TikTok app.

3. Key Assumptions and Red Flags

Assumptions:
– Hypothesis 1 assumes that the integration of NFC relay attacks with traditional malware techniques will become a common strategy among cybercriminals.
– Hypothesis 2 assumes that the malware’s impact is constrained by its distribution method and regional targeting.

Red Flags:
– The rapid development and deployment timeline of Raton suggests a well-resourced and organized group behind its creation.
– The reliance on a fake TikTok app for distribution could be a diversion tactic, masking broader distribution strategies.

4. Implications and Strategic Risks

The emergence of Raton could signal a shift towards more sophisticated mobile malware that exploits NFC technology, potentially leading to widespread financial theft. If not addressed, this could undermine trust in mobile banking apps and cryptocurrency wallets, impacting economic stability. The malware’s current regional focus on Czechia and Slovakia could expand, posing a broader geopolitical risk.

5. Recommendations and Outlook

  • Enhance mobile app security protocols, particularly for banking and cryptocurrency applications, to detect and prevent NFC-based attacks.
  • Conduct user awareness campaigns to educate on the risks of downloading apps from unofficial sources.
  • Scenario-based projections:
    • Best Case: Effective countermeasures are implemented, limiting Raton’s spread and impact.
    • Worst Case: Raton evolves further, leading to widespread financial losses and undermining trust in mobile financial technologies.
    • Most Likely: Raton’s impact remains geographically limited but prompts increased security measures globally.

6. Key Individuals and Entities

– George Esko: Mentioned in connection with a banking app targeted by the malware.
– ThreatFabric: The entity that published the report on Raton.

7. Thematic Tags

national security threats, cybersecurity, counter-terrorism, regional focus
