Android Remote Access Trojan Targets ISIS Sympathizers

July 29, 2016


According to a July 27, 2016 report, an unknown actor used Twitter to spread links to an Android app containing a Remote Access Trojan (RAT) that was being used to spy on ISIS sympathizers and other radical Islamists. The links were posted by now-suspended Twitter profiles such as @farouk_112 and @farouk_113, which were known for publishing radical propaganda.

Intel Security experts who discovered these accounts said that the individuals behind them posted links to an Android app advertised as a radio player for the Qatar-based Al Rayyan Radio. This app contained an Android RAT called SandroRat, which gives a third party the power to control infected devices. The RAT can be used to access call logs, SMS messages, the camera, or the file system, as well as to decrypt WhatsApp conversations if the Android device is rooted.

Source:, July 27, 2016