A new type of Android malware is being used against victims on smartphones to spy and steal data.
A new strain of Android malware, known as “RatMilad”, is being used in the Middle East to steal data and spy on victims through malicious apps.
New Android malware is used in the Middle East
“RatMilad”, a new type of Android malware, is now being used in the Middle East to spy on victims via their smartphones and steal data. RatMilad is a kind of spyware, which are malicious programs used to spy on victims through their devices. RatMilad is capable of recording both video and audio, giving attackers the ability to eavesdrop on private conversations and perform remote surveillance.
In addition to this, RatMilad allows malicious actors to modify app permissions on victims’ devices.
RatMilad infects devices via fake VPN and spoofing apps Text Me and NumRent. These applications are distributed via links on social networks, which means that almost anyone can be exposed to RatMilad. Once the fake app is installed on the device, RatMilad can start stealing data and spying on the victims. It is used in this campaign by an Iranian hacker group known as AppMilad.
RatMilad first discovered by mobile security company
The RatMilad malware strain was first discovered by Zimperium, a mobile security company. The company tweeted on October 5, 2022 that its research team discovered RatMilad, which was active in the Middle East.
In a Zimperium blog post, it has been stated that hackers can “load the fake toolset and enable important permissions on the device” once the RatMilad spyware is active. In the same blog post, Zimperium claimed that it did not find any RatMilad-infected apps in the Android store. It is through social media, such as Telegram, that download links are shared.
RatMilad can access all kinds of data
By using RatMilad spyware, attackers can get their hands on different types of information on the victim’s device. Indeed, RatMilad can act as a Remote Access Trojan (RAT), which contributes to its name. Zimperium stated in the aforementioned blog post that RatMilad can access contact lists, call logs, SMS lists, device information, and file lists. Even a victim’s SIM card information is accessible, along with the device’s GPS location.
RatMilad poses a significant threat to Android users
With the array of malicious functions that RatMilad can perform, it is undoubtedly a very dangerous program. Although RatMilad has only been registered in the Middle East at the time of writing, we may see it spread elsewhere in the coming months.