PULSE NAME
TAXISPY RAT : Analysis of TaxiSpy RAT Russian Banking Focused Android Malware with Full Remote Control
WHITE PetrP.73 2026-03-08 Modified: 2026-04-07
IOCs: 8 (LOW VOLUME)
TaxiSpy RAT is an advanced Android banking Trojan integrated with Remote Access Trojan (RAT) functionality, primarily aimed at Russian financial institutions. The malware employs sophisticated evasion techniques, including native library encryption and rolling XOR string obfuscation, that enable it to operate stealthily. Its architecture supports comprehensive device surveillance, targeting SMS, call logs, contacts, and notifications, which indicates a financially motivated intent to steal sensitive information and remotely control devices.
Indicators of Compromise (1 / 8 total)
TYPE | INDICATOR | DESCRIPTION | CREATED
FileHash-SHA1 | 6433aec29051cc17cc531606c0111eca52fedd58 | SHA1 of 67d5d8283346f850eb560f10424ea5a9ccdca5e6769fbbbf659a3e308987cafd | 2026-03-08