Security experts have identified a new strain of Android spyware used in attacks against devices in the Middle East that can steal victims’ data and carry out cyber espionage.
Zimperium, the mobile security firm that made the discovery, claims that the malware, dubbed “RatMilad,” can facilitate extortion, eavesdropping on conversations, data theft, blackmail and other vicious attacks.
The first iteration of RatMilad mimicked TextMe, a VPN application that promised phone number spoofing capabilities. Attempting to run the app prompted victims to grant the rogue app a range of permissions, including access to the contact list, GPS location data, file management, call logs and sound recordings.
Currently, RatMilad poses as a fake app called NumRent, a revamped version of TextMe, to continue spreading the malware.
“The mobile application poses a threat to Android devices by functioning as an advanced Remote Access Trojan (RAT) with spyware capabilities that receives and executes commands to collect and exfiltrate a wide variety of data and perform a wide range of malicious actions,” reads Zimperium’s security advisory.
The severity of the newly identified spyware stems from the broad range of data it can access and the operations it can perform, including:
- Call logs
- SMS list
- Contact list
- Device’s MAC address
- File list
- Account names and associated permissions
- Clipboard data
- Installed applications list and associated permissions
- Device info (manufacturer, brand, model, Android version, build number)
- SIM card info (IMEI, SIM state, country, mobile number)
- GPS location
- Record sounds
- Configure new permissions for apps
- Upload files to Command and Control (C&C) server
- Manage files (read, write, delete)
“The phone spoofing app is distributed through links on social media and communication tools, encouraging them to sideload the fake toolset and enable significant permissions on the device,” according to the company’s announcement. “But in reality, after the user enables the app to access multiple services, the novel RatMilad spyware is installed by sideloading, enabling the malicious actor behind this instance to collect and control aspects of the mobile endpoint.”
Because RatMilad is delivered by sideloading, users can prevent infection by not downloading dubious applications from unknown sources and installing them on their Android devices. It also helps to be mindful when granting permissions to apps, even ones that seem legitimate: an app that asks for call logs, SMS, contacts, location, microphone and file access at once is asking for exactly the set RatMilad collects.
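The permission list above doubles as a triage checklist. The following POSIX shell script is an added example and is not code from the article or from Zimperium: it uses `adb` to enumerate third-party packages on a connected Android device (USB debugging enabled is assumed), skips those installed by the Play Store (treated as trusted here, which is an assumption), and prints any sideloaded package holding the runtime permissions that correspond to the capabilities RatMilad abuses. The watched permission set is chosen to mirror the article's list; it is not a signature for RatMilad specifically.

```shell
#!/bin/sh
# Added example (not from the article or Zimperium): flag sideloaded Android
# packages that hold the permissions behind RatMilad's data-collection list.
# Assumes adb is on PATH and one device with USB debugging is attached.

# Runtime permissions matching the capability list in the article:
# call logs, SMS, contacts, GPS, audio recording, file access, account names.
WATCHED="android.permission.READ_CALL_LOG
android.permission.READ_SMS
android.permission.READ_CONTACTS
android.permission.ACCESS_FINE_LOCATION
android.permission.RECORD_AUDIO
android.permission.READ_EXTERNAL_STORAGE
android.permission.MANAGE_EXTERNAL_STORAGE
android.permission.GET_ACCOUNTS"

# flag_granted: read `dumpsys package <pkg>` output on stdin and print each
# watched permission whose line says granted=true (first occurrence only).
# dumpsys lines look like:
#   android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
flag_granted() {
  awk -v watched="$WATCHED" '
    BEGIN { n = split(watched, arr); for (i = 1; i <= n; i++) want[arr[i]] = 1 }
    /granted=true/ {
      perm = $1
      sub(/:$/, "", perm)              # strip the trailing colon
      if ((perm in want) && !(perm in seen)) { seen[perm] = 1; print perm }
    }'
}

# triage_device: list third-party packages with their installer, skip Play
# Store installs, and report any remaining package with watched grants.
# Requires a live adb connection; never run by the assertions below.
triage_device() {
  adb shell pm list packages -3 -i | tr -d '\r' | while IFS= read -r line; do
    pkg=${line#package:}
    pkg=${pkg%% *}                     # "package:com.x installer=..." -> com.x
    installer=${line#*installer=}
    case "$installer" in
      com.android.vending) continue ;; # assumption: Play Store installs are trusted
    esac
    hits=$(adb shell dumpsys package "$pkg" | tr -d '\r' | flag_granted)
    if [ -n "$hits" ]; then
      printf '%s (installer=%s)\n%s\n\n' "$pkg" "$installer" "$hits"
    fi
  done
}

# Run the live triage only when explicitly asked: ./triage.sh --run
if [ "${1:-}" = "--run" ]; then
  triage_device
fi
```

Run it with `--run` against a connected device; each reported block names the package, who installed it, and which of the watched permissions it actually holds, which is the question a user should ask before keeping an app that arrived by sideloading.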
Dedicated security software such as Bitdefender Mobile Security for Android can steer you clear of cyberthreats with an extensive set of features, including:
- Comprehensive malware scanner that provides you with in-depth details about detected threats
- Automatic scanning of newly installed apps
- On-demand and on-install scanners that help you assess the security of your apps
- Anti-phishing module that scans webpages and warns you of suspicious or fraudulent pages