SurxRAT Shows How Mobile Malware Can Leverage Large-Language Models
ID: 7fe59ed3-4f7f-5eba-b99c-7712d58d6d7a
STIX ID: report--7fe59ed3-4f7f-5eba-b99c-7712d58d6d7a
Feed Name: Zimperium Blog
A recent analysis identifies SurxRAT, an Android remote-access trojan that can download and run third-party large language model modules (e.g., from Hugging Face) to automate malicious tasks. By integrating LLMs, SurxRAT can craft realistic phishing content, perform tailored social-engineering prompts, and autonomously interact with on-device apps and user interfaces to exfiltrate credentials and sensitive data. These capabilities increase evasion and persistence and underscore the need for behavior-based detection and strict app controls.
