888 (also known as Loda RAT and Gaza007) is a Remote Access Trojan (RAT) targeting Android operating systems.

Trojans of this type enable remote access/control over infected devices. Initially, the 888 RAT's developers offered this piece of malicious software for sale as Windows OS (Operating System) malware. In 2018 the program was presented as an Android OS RAT builder and later - as one meant for Linux OSes. However, in 2019 a variant of the Android 888 RAT became available for free. This RAT is associated with two cyber criminal groups - Kasablanka and BladeHawk. According to ESET's researchers, the latter is responsible for a cyber-espionage campaign targeting the Kurdish ethnic group and its supporters. The 888 RAT was proliferated under the guise of legitimate apps promoted on pro-Kurd content Facebook groups. At the time of writing, the 888 RAT spreading accounts and posts have been removed. However, other proliferators and proliferation methods are not unlikely.

Remote access trojan examples

We have analyzed countless malicious programs targeting Android OSes; CapraRAT, AIVARAT, and Sandro RAT are just a couple examples of ones with RAT capabilities.

Malware can have a wide range of functionalities and uses. However, regardless of how this software operates or what the cyber criminals' goals are - the presence of malware on a system threatens device integrity and user safety. Therefore, all threats must be eliminated immediately upon detection.