Cyble uncovers SURXRAT’s evolution across versions, built on ArsinkRAT code, and now downloading large LLM modules signaling an expansion.

Cyble uncovers SURXRAT V5, an actively developed Android RAT distributed via a Telegram-based MaaS ecosystem. New samples download a massive Hugging Face LLM module, suggesting device performance manipulation and alternative monetization strategies.
Cyble’s write-up (dated February 24, 2026) is useful because it highlights SURXRAT V5 as a “commercialized” Android RAT (Telegram MaaS) with some unusually aggressive impact behavior—especially the conditional download of a very large LLM module (reported as >23GB) from Hugging Face, apparently tied to “network lag manipulation” scenarios.
SURXRAT Downloads Large LLM Module From Hugging Face

What stands out technically (from the report)
  • MaaS / Telegram ecosystem: marketed with reseller/partner tiers and centralized operator infrastructure, which usually means faster iteration and lots of “customer” builds in the wild.
  • Full RAT capability set: surveillance (SMS, notifications, clipboard, contacts/call logs, files, location, etc.) plus active control (forced site opens, calls, device lock PIN, storage wipe, etc.).
  • “Ransomware-style” screen/device locking: raises the impact from spying/fraud to direct extortion/denial of access.
  • Accessibility abuse: the report describes prompting users for high-risk permissions and Accessibility Services—commonly used to enable automated interaction/credential theft/OTP interception.
  • LLM module download behavior: the report says the >23GB download is conditional (e.g., triggered when certain game packages are active, and also configurable via backend commands), and suggests it could be used to intentionally degrade performance/latency, mask background malicious activity, or enable future AI-driven features.

Practical risk for end users
  • Account takeover / OTP interception: if SMS/notifications/Accessibility are abused, banking/social/email accounts can be at risk.
  • Extortion / lockout: a screen locker + attacker-set PIN can block access to the device.
  • Cost/DoS angle: a multi-GB download can burn mobile data, storage, battery, and make the phone “feel broken,” which can delay user suspicion and response.

Defensive takeaways (Android)
  • Avoid sideloaded APKs and “modded” apps; prefer Google Play and reputable vendors.
  • Review Accessibility permissions and revoke anything that doesn’t clearly need it (a lot of Android malware relies on this).
  • Check for unknown Device Admin apps (or similar elevated control) and remove suspicious ones.
  • Run scans with reputable mobile security tools and keep Play Protect enabled (no single scanner is perfect; false positives/negatives happen).
  • If compromise is suspected: prioritize protecting accounts (change passwords from a clean device, revoke sessions/tokens where possible, and move 2FA away from SMS to an authenticator/hardware key when you can). If a screen locker/persistence is involved, a factory reset is often the safest cleanup path.
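The Accessibility and Device Admin audit above can be done from the Settings app, but when triaging a device over USB it is faster to pull the relevant state with `adb shell` and compare it against an allowlist. The script below is an added example (not code from the Cyble report or the post); it parses the output of `adb shell settings get secure enabled_accessibility_services` (a colon-separated list of `package/class` component names) and `adb shell pm list packages -3` (third-party packages, which is where sideloaded apps land). The sample output strings, the `com.example.suspicious.loader` package and the allowlist are constructed for illustration.

```python
"""Triage helper: flag unexpected Accessibility services and sideloaded packages
from captured `adb shell` output. Added example; all sample output is constructed."""
import re

# Constructed sample of `adb shell settings get secure enabled_accessibility_services`.
# Android stores it as a ':'-separated list of package/class component names
# ("null" or an empty string when nothing is enabled).
ENABLED_A11Y = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.suspicious.loader/com.example.suspicious.loader.OverlayService"
)

# Constructed sample of `adb shell pm list packages -3` (third-party packages only).
PM_LIST_3 = """package:com.example.suspicious.loader
package:com.android.chrome
package:org.mozilla.firefox
"""

# Hypothetical allowlist kept by the analyst: packages that are expected to hold
# the Accessibility permission on this device/fleet. Everything else gets reviewed.
A11Y_ALLOWLIST = {"com.google.android.marvin.talkback"}


def parse_accessibility_services(raw):
    """Package names that currently have at least one enabled Accessibility service."""
    raw = raw.strip()
    if not raw or raw == "null":
        return set()
    return {comp.split("/", 1)[0] for comp in raw.split(":") if comp}


def parse_third_party_packages(raw):
    """Package names from `pm list packages -3` output ('package:<name>' per line)."""
    return {m.group(1) for m in re.finditer(r"^package:(\S+)", raw, re.M)}


def audit(a11y_raw, pm_raw, allowlist):
    """Accessibility holders outside the allowlist, and which of those are third-party.

    A third-party package with Accessibility enabled that you do not recognise is the
    pattern the write-up describes (automated interaction, OTP/notification capture)."""
    a11y = parse_accessibility_services(a11y_raw)
    third_party = parse_third_party_packages(pm_raw)
    unexpected = a11y - allowlist
    return {
        "unexpected_accessibility": sorted(unexpected),
        "unexpected_and_third_party": sorted(unexpected & third_party),
    }


if __name__ == "__main__":
    for key, pkgs in audit(ENABLED_A11Y, PM_LIST_3, A11Y_ALLOWLIST).items():
        print(f"{key}: {pkgs or '-'}")
```

On a real device, replace the two constants with the captured command output; `adb shell pm list packages -i` additionally shows the installer for each package, which helps separate Play-installed apps from sideloads.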

About the hash list / IOCs
The GitHub link is an IOC list intended for hunting and correlation (EDR/SIEM/threat intel workflows), not a “this single hash proves infection” guarantee. Hashes are brittle (repacked builds change hashes quickly), so they’re best used alongside behavioral/network indicators and permission/persistence checks.
IOCs/SURXRAT/Hashes.txt at main · CRIL-ThreatIntelligence/IOCs

Conclusion
Treat this family as a serious Android MaaS RAT with both surveillance and disruptive/extortion capabilities; the “download a massive LLM module” behavior is notable mainly as an impact/evasion/monetization experiment rather than something typical for mobile malware. The most actionable user-level defenses are avoiding sideloaded apps, auditing Accessibility/Device Admin privileges, and doing account-protection steps promptly if exposure is suspected.

Technical Analysis & Remediation

MITRE ATT&CK Mapping

TA0035

Collection

T1636.002
Protected User Data: Accounts

CVE Profile
N/A [CISA KEV Status: Inactive].
This threat model relies on manual user installation and the granting of broad system permissions rather than the remote exploitation of a specific CVE.

Telemetry

SHA256 Hash
2df29702c90b128dec46d5eb110ccc668622b90b4f69957c9edd369483ab9b1d

SHA256 Hash
2e6f85dfdcbadb7d0541bf1db57f68104441fdc5c12062366fcbb1798c175867

SHA256 Hash
865a177881c92997c00770c864284767e998f0af66bfd7b4c4e5305a9eeb1f50

Constraint
Because this malware exclusively targets Android platforms, the file container resembles an APK package that likely abuses Android Accessibility Services to achieve persistence and capture on-screen protected user data.

Remediation - THE ENTERPRISE TRACK (NIST SP 800-61r3 / CSF 2.0)

Note
Due to the Environmental Reality Check, these actions are targeted at Mobile Device Management (MDM) infrastructure.

GOVERN (GV) – Crisis Management & Oversight

Command
Issue a fleet-wide advisory to mobile users regarding the risks of sideloading Android applications and navigating unsolicited links distributed via Telegram.

DETECT (DE) – Monitoring & Analysis

Command
Ingest the provided SHA256 telemetry into corporate MDM and Endpoint Detection and Response (EDR) mobile blocklists.
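The "About the hash list" note and this command both come down to the same workflow: load a Hashes.txt-style IOC list, hash candidate artifacts, and treat a match as a hunting lead rather than proof. The script below is an added example (not from the Cyble repository or the post); the three SHA256 values are the ones published in the telemetry above, the file layout of `IOC_TEXT` is constructed, and `demo()` writes a dummy file that is not an APK so it can show both the no-hit case (a repacked build hashes differently) and the hit case.

```python
"""Match SHA256 IOCs from a Hashes.txt-style list against APK/file artifacts.
Added example; the hash values are the published telemetry, everything else is constructed."""
import hashlib
import os
import tempfile

# Constructed Hashes.txt-style content. The digests are the SHA256 IOCs from the report;
# comments and blank lines are ignored when loading.
IOC_TEXT = """# SURXRAT V5 - SHA256
2df29702c90b128dec46d5eb110ccc668622b90b4f69957c9edd369483ab9b1d
2e6f85dfdcbadb7d0541bf1db57f68104441fdc5c12062366fcbb1798c175867
865a177881c92997c00770c864284767e998f0af66bfd7b4c4e5305a9eeb1f50
"""


def load_iocs(text):
    """Parse a hash list; keep only well-formed 64-hex SHA256 strings, lower-cased."""
    iocs = set()
    for line in text.splitlines():
        line = line.strip().lower()
        if not line or line.startswith("#"):
            continue
        if len(line) == 64 and all(c in "0123456789abcdef" for c in line):
            iocs.add(line)
    return iocs


def sha256_file(path, chunk=1 << 20):
    """Stream the file so multi-GB artifacts do not get loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root, iocs, suffixes=(".apk",)):
    """Walk `root`, hash files with the given suffixes, return {path: sha256} for IOC hits."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith(suffixes):
                path = os.path.join(dirpath, name)
                digest = sha256_file(path)
                if digest in iocs:
                    hits[path] = digest
    return hits


def demo():
    """Run the sweep on a constructed file; returns (hits before, hits after) the hash is in the feed."""
    iocs = load_iocs(IOC_TEXT)
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "sample.apk")
        with open(sample, "wb") as f:
            f.write(b"constructed test bytes, not a real APK")
        before = sweep(tmp, iocs)  # a rebuilt/repacked sample: no hash match
        iocs_with_sample = iocs | {sha256_file(sample)}  # simulate the feed catching up
        after = sweep(tmp, iocs_with_sample)
    return len(before), len(after)


if __name__ == "__main__":
    print("loaded IOCs:", len(load_iocs(IOC_TEXT)))
    print("hits before/after:", demo())
```

The before/after pair in `demo()` is the brittleness point from the post in code form: a single byte changed in a repacked build produces zero hits, which is why a hash sweep should sit next to the permission and Accessibility checks rather than replace them.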

Command
Monitor network egress for anomalous, sustained large file downloads originating from Hugging Face domains on corporate mobile subnets.
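A minimal version of that egress rule is shown below as an added example (not from the Cyble report or the post). It aggregates bytes per client/destination pair from proxy or flow records, restricts to clients on a mobile subnet and to Hugging Face hosts, and alerts when the total crosses a threshold. The log format (`<epoch> <client_ip> <host> <bytes>`), the `10.50.0.0/16` subnet, the `cdn-lfs.huggingface.co` host name in the sample and the 1 GiB threshold are all constructed assumptions; `huggingface.co` is the real service domain.

```python
"""Flag sustained large downloads from Hugging Face hosts by clients on mobile subnets.
Added example; the log format, subnet and sample lines are constructed."""
import ipaddress
from collections import defaultdict

# Hypothetical corporate mobile (Wi-Fi/VPN) subnet; replace with your own ranges.
MOBILE_SUBNETS = [ipaddress.ip_network("10.50.0.0/16")]
# Match the apex domain and any subdomain, but not look-alikes such as huggingface.co.evil.example.
HF_SUFFIXES = ("huggingface.co",)
# Total bytes per client/host pair in the log window. The >23 GB module in the report
# dwarfs this; 1 GiB keeps the rule sensitive to partial or interrupted pulls.
BYTES_THRESHOLD = 1 << 30

# Constructed proxy/flow records: "<epoch> <client_ip> <dest_host> <bytes>" per transaction.
SAMPLE_LOG = """1708761600 10.50.3.21 cdn-lfs.huggingface.co 536870912
1708761660 10.50.3.21 cdn-lfs.huggingface.co 536870912
1708761720 10.50.3.21 cdn-lfs.huggingface.co 536870912
1708761700 10.50.7.9 huggingface.co 20480
1708761701 192.168.1.40 cdn-lfs.huggingface.co 2147483648
1708761702 10.50.3.21 play.googleapis.com 3145728
"""


def is_mobile(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in MOBILE_SUBNETS)


def is_hf_host(host):
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in HF_SUFFIXES)


def parse(line):
    ts, ip, host, size = line.split()
    return int(ts), ip, host, int(size)


def detect(log_text, threshold=BYTES_THRESHOLD):
    """Return [(client_ip, host, total_bytes, span_seconds)] for pairs over the threshold."""
    totals = defaultdict(int)
    first, last = {}, {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, host, size = parse(line)
        if not (is_mobile(ip) and is_hf_host(host)):
            continue
        key = (ip, host)
        totals[key] += size
        first[key] = min(first.get(key, ts), ts)
        last[key] = max(last.get(key, ts), ts)
    return [
        (ip, host, n, last[(ip, host)] - first[(ip, host)])
        for (ip, host), n in sorted(totals.items())
        if n >= threshold
    ]


if __name__ == "__main__":
    for ip, host, total, span in detect(SAMPLE_LOG):
        print(f"ALERT {ip} -> {host}: {total / 2**30:.2f} GiB over {span}s")
```

The `span_seconds` field is what turns a one-off alert into a "sustained" one: a model pull that keeps adding bytes over many minutes from a phone is the pattern worth escalating, whereas a single large transfer from a workstation subnet (the `192.168.1.40` line) is filtered out by design.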

RESPOND (RS) – Mitigation & Containment

Command
Isolate any managed Android device exhibiting unauthorized overlay windows, suspicious battery drain, or unexpected device performance throttling.

RECOVER (RC) – Restoration & Trust

Command
Perform a remote wipe/factory reset on compromised mobile hardware and re-provision via a known-clean MDM profile.

IDENTIFY & PROTECT (ID/PR) – The Feedback Loop

Command
Restrict application installations exclusively to the Managed Google Play Store and enforce strict policies against "Unknown Sources" installations.

Remediation - THE HOME USER TRACK (Safety Focus)

Since the Environmental Reality Check confirms this vulnerability targets the Android OS, the threat to default Windows Home environments is Theoretical/Low. The following applies to Android users.

Priority 1: Safety

Command
Disconnect from the internet immediately (enable Airplane Mode) if you suspect a malicious app was recently sideloaded.

Command
Do not log into banking/email applications until the device is verified clean.

Priority 2: Identity

Command
Reset passwords and rotate MFA tokens for sensitive accounts using a known clean device (e.g., a Windows desktop or a separate secure phone).

Priority 3: Persistence

Command
Navigate to Settings > Accessibility and disable any unrecognized services with granted permissions.

Command
Boot the Android device into "Safe Mode" to prevent third-party applications from launching, then manually uninstall any suspicious applications.

Hardening & References

Baseline

CIS Benchmarks for Google Android.

Framework
NIST CSF 2.0 / SP 800-61r3.

Source

Cyble Research & Intelligence Labs

CRIL-ThreatIntelligence