Work from home (WFH) and Bring Your Own Device (BYOD) policies create risks for the enterprise environment if individual phones are threatened by targeted malware infection. Threat actors can attempt to pivot over wi-fi networks and establish persistence on misconfigured or vulnerable enterprise networks, or simply use direct access to the Android device to read sensitive work email and shared documents from the company. In addition, with RAT granting full control over the phone, this is a possibility that such access may be resold or licensed to other specialized threat actors for such purposes. Cybersecurity awareness education to guide end users in avoiding untrustworthy apps or apps with limited distribution is essential. Mobile Device Management (MDM), Network Access Control solutions, conditional access policies, and Identity and Access Management (IAM) are all essential technical and administrative controls for reducing this risks, as is a defense in depth strategy that includes Managed Detection and Response (MDR) and proactive threat hunting.

https://therecord.media/new-android-malware-records-smartphones-via-vnc-to-steal-passwords/

https://www.threatfabric.com/blogs/vultur-v-for-vnc.html