Wednesday, May 29, 2024

New Powerful RatMilad Malware Steals Almost Every Data From Android Device

A new Android spyware called RatMilad has been discovered by researchers at the security company Zimperium Labs. There have been observations of this spyware targeting enterprise mobile devices in the Middle East with the purpose of spying on and stealing user data. 

As a result of this intrusion, private corporate systems can be accessed, blackmailed, or other malicious uses can be made. 

In this way, malicious actors may be enabled to create notes about the victim, download any materials that have been stolen, and gather information for other criminal activities.


In order to distribute spyware, a fake NumRent virtual number generator is used. The malware downloads the malicious RatMilad payload after being installed and then requests suspicious permissions from the user.

According to the report, The fake app is primarily distributed through Telegram, which is one of the main distribution channels. The Google Play Store and other third-party stores do not currently offer NumRent or other droppers as a means of downloading RatMilad.

In order to promote the mobile RAT, RatMilad also created a dedicated website to increase the visibility of the app as well as make it seem more credible.

Several social networks such as Telegram as well as other platforms are used to advertise this website.

Capabilities of RatMilad

RatMilad spyware has the following capabilities:-

  • MAC Address of Device
  • Contact List
  • SMS List
  • Call Logs
  • Account Names and Permissions
  • Clipboard Data
  • GPS Location Data
  • MobileNumber
  • Country
  • IMEI
  • Simstate
  • File list
  • Read Files
  • Write Files
  • Delete Files
  • Sound Recording
  • File upload to C&C
  • List of the installed apps, along with their permissions.
  • Set new app permissions.
  • Model
  • Brand
  • buildID
  • Android version
  • Manufacturer

In order to make its installation as seamless as possible, RatMilad spyware runs in the background silently without attracting suspicion. 

Moreover, from the AppMilad Telegram channel, the operators of the RatMilad spyware received the source code. 

There were more than 4,700 views of the Telegram channel used for the distribution of the spyware and there were more than 200 external shares of the Telegram channel as well.

While security experts at Zimperium have found that RatMilad operators do not engage in targeted attack campaigns and as they only attack random targets.

You can read more android malware activities here.


Here below we have mentioned all the recommendations recommended by the experts:-

  • Always prefer the official app store (Google Play Store) to download any application.
  • The first thing you should do after downloading an APK is to run an antivirus scan on it.
  • The permissions requested during installation should be carefully reviewed before proceeding.
  • Do not open any suspicious links.
  • Make sure to avoid downloading fake or cracked versions of apps.

Also Read: Download Secure Web Filtering – Free E-book


Latest articles

Researchers Exploited Nexus Repository Using Directory Traversal Vulnerability

Hackers target and exploit GitHub repositories for a multitude of reasons and illicit purposes.The...

DDNS Service In Fortinet Or QNAP Embedded Devices Exposes Sensitive Data, Researchers Warn

Hackers employ DNS for various purposes like redirecting traffic to enable man-in-the-middle attacks, infecting...

PoC Exploit Released For macOS Privilege Escalation Vulnerability

A new vulnerability has been discovered in macOS Sonoma that is associated with privilege...

CatDDoS Exploiting 80+ Vulnerabilities, Attacking 300+ Targets Daily

Malicious traffic floods targeted systems, servers, or networks in Distributed Denial of Service (DDoS)...

GNOME Remote Desktop Vulnerability Let Attackers Read Login Credentials

GNOME desktop manager was equipped with a new feature which allowed remote users to...

Kesakode: A Remote Hash Lookup Service To Identify Malware Samples

Today marks a significant milestone for Malcat users with the release of version 0.9.6,...

Cisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks

 A critical vulnerability has been identified in Cisco Firepower Management Center (FMC) Software's web-based...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles