New RambleOn Android malware targeted South Korean journalists

March 4, 2023

A newly discovered Android malware, RambleOn, has been spreading infection in the wild after security researchers found its trails targeting a South Korean journalist in a social engineering operation.

According to the researchers’ observations on this new Android malware, once it successfully infiltrates a device, it can read, collect, and leak the victim’s SMS data, contact list, voice calls, live location, and other confidential information.

Also regarded as spyware, the RambleOn Android malware hid behind a malicious chat app ‘Fizzle.’

An in-depth investigation of this new malware showed that it was initially hiding behind a messaging application called ‘Fizzle,’ which, once a victim installs it on their device, delivers a next-stage payload hosted on the Yandex and pCloud cloud storage platforms.

Furthermore, it was discovered that the targeted South Korean journalist first received an Android Package (APK) file of the Fizzle chat application on their WeChat account last December 7. The sender of the malicious APK file told the journalist that they had to install it so that a sensitive topic could be discussed over Fizzle, which the sender presented as a secure app for confidential conversations.

However, upon installation, the app launched the RambleOn Android malware on the victim’s device and began its malicious activities. The malware’s first actions are to load another APK file as a payload and to request permissions on the target device, including access to call logs, file collection, SMS interception, voice and audio recording, and location tracking.

The second payload launched by the malware acts as an alternative channel for accessing the victim’s device via Firebase Cloud Messaging (FCM), which the threat actors utilise as a remote C2 server.
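The permission set and the FCM channel described above are the kind of combination a defender can screen for when triaging a sideloaded APK. The following is an added example (not code from the original report or from any vendor) that parses a decoded AndroidManifest.xml, flags the spyware-grade permissions named in the article, and checks for a Firebase Cloud Messaging listener; the manifest below is constructed for illustration and is not the real Fizzle app.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"  # attribute key for android:name

# Permissions matching the capabilities the report attributes to RambleOn:
# call logs, file collection, SMS interception, audio recording, location.
SPYWARE_PERMISSIONS = {
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_EXTERNAL_STORAGE": "file collection",
    "android.permission.READ_SMS": "SMS data",
    "android.permission.RECEIVE_SMS": "SMS interception",
    "android.permission.RECORD_AUDIO": "voice/audio recording",
    "android.permission.ACCESS_FINE_LOCATION": "location tracking",
}

# A service receiving FCM pushes registers for this intent action.
FCM_ACTION = "com.google.firebase.MESSAGING_EVENT"


def triage_manifest(manifest_xml: str) -> dict:
    """Return which spyware-grade permissions are requested and whether
    the app registers an FCM listener that could serve as a C2 channel."""
    root = ET.fromstring(manifest_xml)
    requested = {p.get(NAME) for p in root.iter("uses-permission")}
    hits = {perm: why for perm, why in SPYWARE_PERMISSIONS.items()
            if perm in requested}
    fcm = any(a.get(NAME) == FCM_ACTION for a in root.iter("action"))
    # Heuristic threshold (assumption): several surveillance permissions
    # plus a push channel is worth an analyst's attention; fewer hits or
    # no listener is weaker evidence, since chat apps legitimately use FCM.
    suspicious = len(hits) >= 4 and fcm
    return {"package": root.get("package"), "hits": hits,
            "fcm_listener": fcm, "suspicious": suspicious}


# Constructed sample manifest for demonstration only.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.chatapp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application>
    <service android:name=".PushService" android:exported="false">
      <intent-filter>
        <action android:name="com.google.firebase.MESSAGING_EVENT"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

A manifest inside a real APK is stored in Android's binary XML encoding, so it must first be decoded (for example with apktool or androguard) before being fed to this function; a second-stage APK downloaded at runtime will not appear in the installer's manifest at all, which is why permission screening alone is not sufficient.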

Security researchers attribute the RambleOn Android malware operators to the developers of another Android malware called ‘FastFire.’ The North Korean-backed Kimsuky group was first seen distributing FastFire to South Korean targets alongside two other malware strains ‘FastViewer’ and ‘FastSpy.’

Spyware strains pose huge risks to all mobile users’ safety. Thus, it is strongly recommended to refrain from downloading APK files, especially when they are delivered through or by suspicious sources.
