Android users should watch out for the new RatMilad spyware

October 10, 2022

Researchers have uncovered a new threat to Android users, the RatMilad spyware, which targets numerous devices, especially in the Middle East, to carry out data-stealing campaigns and remote monitoring.

The recently identified malware was discovered by a mobile security company, which warned that it can be used for extortion, espionage, and secretly listening to private conversations.

The actors could use these capabilities to blackmail victims, record credentials, or gather essential information.

 

The RatMilad spyware is spread via malicious apps.

 

According to researchers, the RatMilad spyware is distributed through a phoney number generator that users utilise to activate NumRent. Once a victim installs the app, it requests advanced permissions that the actors could abuse to drop the RatMilad payload.

The primary distribution vector for the fake app is Telegram. NumRent is only available on this platform, not on other third-party sources or the Google Play Store.

The RatMilad operator has also developed a specially crafted website that promotes the mobile RAT and makes the app look more authentic. The malicious webpage is promoted as a URL within Telegram or other social media platforms.

If RatMilad is successfully installed on a targeted device, it hides in a VPN connection and tries to steal troves of data. According to reports, the spyware can gather data such as SMS messages, call logs, contact lists, clipboard data, file lists and file contents.

Moreover, critical data such as basic device information, device MAC address, account names & permissions, installed apps, GPS location data, and SIM information could also be stolen by the RatMilad payload.

This spyware can also perform file actions such as deleting and stealing files. It can alter the permissions of an installed app or use the infected device's microphone to record audio. Experts claim that these abilities are suitable for harvesting personal information, private communications, photos, videos, documents, corporate information and more.

The researchers said that they discovered RatMilad after it failed to load on a targeted device, which allowed them to analyse the spyware.

Android users should refrain from downloading applications from sources other than the Google Play Store to reduce the chances of being infected by this newly discovered spyware.
