Mar 09, 2026

SurxRAT Shows How Mobile Malware Can Leverage Large Language Models

A recent analysis reveals that SurxRAT, a new Android remote-access trojan, can download and run large language model (LLM) modules from third-party repositories to automate malicious tasks on infected devices. By integrating AI modules, SurxRAT can generate realistic phishing content, tailor social-engineering prompts, and interact autonomously with on-device apps and user interfaces to exfiltrate credentials or sensitive data. This evolution demonstrates how mobile threats are increasingly combining advanced automation with traditional RAT capabilities, raising the bar for evasion and persistence. With smartphones at the center of personal and business access, the report highlights the need for behavior-based threat detection and strict app controls.
