Cybersecurity researchers have discovered a nascent Android remote access trojan (RAT) called PlayPraetor that has infected more than 11,000 devices, primarily across Portugal, Spain, France, Morocco, Peru, and Hong Kong.

"The botnet's rapid growth, which now exceeds 2,000 new infections per week, is driven by aggressive campaigns focusing on Spanish and French speakers, indicating a strategic shift away from its previous common victim base," Cleafy researchers Simone Mattia, Alessandro Strino, and Federico Valentini said in an analysis of the malware.

PlayPraetor, managed by a Chinese command-and-control (C2) panel, does significantly deviate from other Android trojans in that it abuses accessibility services to gain remote control and can serve fake overlay login screens atop nearl

See Full Page