How to Protect Android Apps Against CraxsRAT

Last updated February 8, 2024 by Appdome

Learn how to combine Appdome protections to block CraxsRAT in Android apps, in mobile CI/CD pipelines using a Data-Driven DevSecOps™ build system.

What is CraxsRAT?

CraxsRAT is a sophisticated Remote Access Trojan (RAT) capable of infecting Android operating systems by exploiting Android’s Accessibility Services. Accessibility Services are intended for users with disabilities, who may require additional assistance in interacting with their devices. They encompass a wide variety of functions, such as screen readers, speech-to-text, simulating keyboard and touchscreen input, approving/declining prompts, and more. The CraxsRAT trojan gains unauthorized access to Android Accessibility Services and abuses them for malicious purposes, such as intercepting or logging the mobile user’s keystrokes (keylogging), manipulating the touchscreen, and overriding the auto-selecting options. The vast array of CraxsRAT’s malicious capabilities extends to recording and even live-streaming the device’s screen, compromising user privacy and data security.

How Does Appdome Protect Against CraxsRAT?

Taking all the above into consideration, Appdome ensures that your Android app remains protected against CraxsRAT by offering a range of protection methods:

OPTION 1

  1. Prevent Accessibility Service Malware: Shields your app from a wide range of malicious activities by restricting unauthorized use of Android’s Accessibility Services, effectively blocking keyloggers and Remote Control.
  2. Prevent App Screen Sharing: Blocks CraxsRAT’s screen monitoring by rendering the remote screen black, except for menus and dialogs not included in this protection.
  3. OneShield Anti-Tampering: Prevents CraxsRAT from injecting itself into installed apps and repackaging them.

OPTION 2

  1. Prevent Auto-Clickers: Blocks CraxsRAT’s ability to simulate remote taps within the protected app.
  2. Keylogging Prevention: Blocks CraxsRAT’s keylogger functionality, ensuring no keystrokes are displayed from within the protected application.
    Note: Turn on Accessibility Events Cloaking to receive additional protection against malicious keyboards.
  3. Prevent App Screen Sharing: Blocks CraxsRAT’s screen monitoring by rendering the remote screen black, except for menus and dialogs not included in this protection.
  4. OneShield Anti-Tampering: Prevents CraxsRAT from injecting itself into installed apps and repackaging them.

Important: ‘Keylogging Prevention’ and ‘Prevent Accessibility Service Malware’ are mutually exclusive. Only one should be enabled to protect against CraxsRAT’s keylogging capabilities.

Optional: Activating ‘Use Accessibility Service Consent’ and ‘Set Trusted Accessibility Services’ allows you to specify which accessibility services should remain operational to maintain user experience without security interventions. It’s important to note that services listed under ‘Set Trusted Accessibility Services’ will operate without Appdome’s protection mechanisms, so they should be vetted carefully to ensure they do not pose a security threat.
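When vetting which services belong on a trusted list, it helps to see what is actually enabled on a test device. The following is an added example, not Appdome code and not a description of how Appdome's protections work: a small audit that parses the value of Android's `enabled_accessibility_services` secure setting and separates services on an allowlist from everything else. The package names and the sample setting value are constructed for illustration.

```python
"""Audit enabled Android accessibility services against a trusted allowlist.

Input is the string printed by:
    adb shell settings get secure enabled_accessibility_services
which is a colon-separated list of component names ("package/class").
"""


def normalize(component: str) -> str:
    """Expand the shorthand 'pkg/.Cls' form to the full 'pkg/pkg.Cls' form."""
    pkg, sep, cls = component.strip().partition("/")
    if not sep or not pkg or not cls:
        raise ValueError(f"not a component name: {component!r}")
    if cls.startswith("."):
        cls = pkg + cls
    return f"{pkg}/{cls}"


def parse_enabled_services(raw: str) -> list:
    """Return normalized component names; 'null' or empty means none enabled."""
    raw = raw.strip()
    if raw in ("", "null"):
        return []
    return [normalize(part) for part in raw.split(":") if part.strip()]


def audit(raw: str, trusted: list) -> dict:
    """Split enabled services into allowlisted and non-allowlisted components."""
    trusted_set = {normalize(t) for t in trusted}
    enabled = parse_enabled_services(raw)
    return {
        "trusted": [c for c in enabled if c in trusted_set],
        "untrusted": [c for c in enabled if c not in trusted_set],
    }


# Constructed sample: one vetted screen reader and one unknown service.
SAMPLE_SETTING = (
    "com.example.screenreader/.ReaderService:"
    "com.example.updater/com.example.updater.svc.HelperService\n"
)
# Hypothetical allowlist, written in the full component form.
TRUSTED = ["com.example.screenreader/com.example.screenreader.ReaderService"]

if __name__ == "__main__":
    result = audit(SAMPLE_SETTING, TRUSTED)
    for component in result["untrusted"]:
        print("review before trusting:", component)
```

Matching on the full component name is stricter than matching on the package alone, but a name match does not prove who built the app, so an allowlisted entry should also be checked against the expected publisher and signing certificate.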

To protect against both passive and active scenarios, we strongly recommend using the features mentioned above. To learn more about how to activate these security protections in your Android apps, please refer to the related articles section of this knowledge base article.

Prerequisites

To use Appdome’s mobile app security build system to block CraxsRAT, you’ll need the following:

For each security feature, detailed activation instructions are available in the related articles section of this knowledge base. These articles provide step-by-step guidance, ensuring you can effectively implement each protection strategy within your Android application.

Related Articles:

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.
