Saturday, February 8, 2025
HomeAndroidNew Powerful RatMilad Malware Steals Almost Every Data From Android Device

New Powerful RatMilad Malware Steals Almost Every Data From Android Device

Published on

SIEM as a Service

Follow Us on Google News

A new Android spyware called RatMilad has been discovered by researchers at the security company Zimperium Labs. There have been observations of this spyware targeting enterprise mobile devices in the Middle East with the purpose of spying on and stealing user data. 

As a result of this intrusion, private corporate systems can be accessed, blackmailed, or other malicious uses can be made. 

In this way, malicious actors may be enabled to create notes about the victim, download any materials that have been stolen, and gather information for other criminal activities.

Distribution

In order to distribute spyware, a fake NumRent virtual number generator is used. The malware downloads the malicious RatMilad payload after being installed and then requests suspicious permissions from the user.

According to the report, The fake app is primarily distributed through Telegram, which is one of the main distribution channels. The Google Play Store and other third-party stores do not currently offer NumRent or other droppers as a means of downloading RatMilad.

In order to promote the mobile RAT, RatMilad also created a dedicated website to increase the visibility of the app as well as make it seem more credible.

Several social networks such as Telegram as well as other platforms are used to advertise this website.

Capabilities of RatMilad

RatMilad spyware has the following capabilities:-

  • MAC Address of Device
  • Contact List
  • SMS List
  • Call Logs
  • Account Names and Permissions
  • Clipboard Data
  • GPS Location Data
  • MobileNumber
  • Country
  • IMEI
  • Simstate
  • File list
  • Read Files
  • Write Files
  • Delete Files
  • Sound Recording
  • File upload to C&C
  • List of the installed apps, along with their permissions.
  • Set new app permissions.
  • Model
  • Brand
  • buildID
  • Android version
  • Manufacturer

In order to make its installation as seamless as possible, RatMilad spyware runs in the background silently without attracting suspicion. 

Moreover, from the AppMilad Telegram channel, the operators of the RatMilad spyware received the source code. 

There were more than 4,700 views of the Telegram channel used for the distribution of the spyware and there were more than 200 external shares of the Telegram channel as well.

While security experts at Zimperium have found that RatMilad operators do not engage in targeted attack campaigns and as they only attack random targets.

You can read more android malware activities here.

Recommendations

Here below we have mentioned all the recommendations recommended by the experts:-

  • Always prefer the official app store (Google Play Store) to download any application.
  • The first thing you should do after downloading an APK is to run an antivirus scan on it.
  • The permissions requested during installation should be carefully reviewed before proceeding.
  • Do not open any suspicious links.
  • Make sure to avoid downloading fake or cracked versions of apps.

Also Read: Download Secure Web Filtering – Free E-book

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...