Latest Threat Research: LetMeowIn – Analysis of a Credential Dumper

Get Informed


Arabic Speaking Threat Actor Recycling SpyNote RAT Code

Mobeebom: A new threat actor, who has been seen on multiple different forums and social media, primarily speaking Arabic, is going by the name Mobeebom. He uses poor English grammar when speaking on English-based forums but has been seen on them using different pseudonyms. Mobeebom has created threads in these forums offering to sell his Android RAT called MobiHok v4. MobiHok is based in Visual Basic .NET and android studio code, which enable full control and extensive capabilities over infected devices. Mobeebom intends to make MobiHok the number one selling android RAT on the market, and his latest release advertised that he can bypass Facebook authentication. The new Rat is based on the SpyNote RAT, which leads researchers to believe that he obtained that source code and altered it to make it his own for sale. The malware is for sale on multiple forums, social media and even a website that the actor runs himself.

Analyst Notes

The new RAT has many similarities to the older SpyNote RAT, and the threat actor, who is trying to market their new RAT as the next best RAT, is having a hard time doing so because most of his clients see that they are very similar.