Anti-Malware Research Whitepapers

BitterAPT Revisited: the Untold Evolution of an Android Espionage Tool

In 2016, a sophisticated malware campaign targeting Pakistani nationals made headlines. Dubbed Bitter, the Advanced Persistent Threat group (also known as APT-C-08) has been active both in desktop and mobile malware campaigns for quite a long time, as their activity seems to date back to 2014.

The Bitter threat group initially started using RAT tools in their campaigns, as the first Bitter versions for Android (released in 2014) were based on the AndroRAT framework. Over time, they switched to a custom version that has been known as BitterRAT ever since.

This paper is a technical account of the developments related to Bitter, its evolution and how, steadily and surely, threat actors are raising their game and poking holes in Google Play to use the platform as a distribution channel.

Download the PDF file below to learn more about BitterRAT, its evolution, as well as about the new distribution tactics via Google Play.

Download the whitepaper

About the author


Oana Asoltanei is a Security Researcher at Bitdefender. She focuses her research on Android malware and mobile security in general.

About the author

Denis Cosmin NUTIU

As a security researcher at Bitdefender, Denis is passionate about all things related to computers and free software.

About the author

Alin Mihai Barbatei

I joined the Cyber Threat Intelligence Lab (CTIL) team several ago and never looked back. At work I am continuously focusing on remediation of Android threats with everything that this involves; I can’t get too picky. In my spare time I like to learn stuff, read, go hiking and I also do a bit of kirigami.
Cliché or not, I actually do believe that if you are not constantly improving as a person you are in fact regressing.

Add Comment

Click here to post a comment