Tuesday, December 3, 2024
HomeAndroidNew Powerful RatMilad Malware Steals Almost Every Data From Android Device

New Powerful RatMilad Malware Steals Almost Every Data From Android Device

Published on

SIEM as a Service

A new Android spyware called RatMilad has been discovered by researchers at the security company Zimperium Labs. There have been observations of this spyware targeting enterprise mobile devices in the Middle East with the purpose of spying on and stealing user data. 

As a result of this intrusion, private corporate systems can be accessed, blackmailed, or other malicious uses can be made. 

In this way, malicious actors may be enabled to create notes about the victim, download any materials that have been stolen, and gather information for other criminal activities.

- Advertisement - SIEM as a Service

Distribution

In order to distribute spyware, a fake NumRent virtual number generator is used. The malware downloads the malicious RatMilad payload after being installed and then requests suspicious permissions from the user.

According to the report, The fake app is primarily distributed through Telegram, which is one of the main distribution channels. The Google Play Store and other third-party stores do not currently offer NumRent or other droppers as a means of downloading RatMilad.

In order to promote the mobile RAT, RatMilad also created a dedicated website to increase the visibility of the app as well as make it seem more credible.

Several social networks such as Telegram as well as other platforms are used to advertise this website.

Capabilities of RatMilad

RatMilad spyware has the following capabilities:-

  • MAC Address of Device
  • Contact List
  • SMS List
  • Call Logs
  • Account Names and Permissions
  • Clipboard Data
  • GPS Location Data
  • MobileNumber
  • Country
  • IMEI
  • Simstate
  • File list
  • Read Files
  • Write Files
  • Delete Files
  • Sound Recording
  • File upload to C&C
  • List of the installed apps, along with their permissions.
  • Set new app permissions.
  • Model
  • Brand
  • buildID
  • Android version
  • Manufacturer

In order to make its installation as seamless as possible, RatMilad spyware runs in the background silently without attracting suspicion. 

Moreover, from the AppMilad Telegram channel, the operators of the RatMilad spyware received the source code. 

There were more than 4,700 views of the Telegram channel used for the distribution of the spyware and there were more than 200 external shares of the Telegram channel as well.

While security experts at Zimperium have found that RatMilad operators do not engage in targeted attack campaigns and as they only attack random targets.

You can read more android malware activities here.

Recommendations

Here below we have mentioned all the recommendations recommended by the experts:-

  • Always prefer the official app store (Google Play Store) to download any application.
  • The first thing you should do after downloading an APK is to run an antivirus scan on it.
  • The permissions requested during installation should be carefully reviewed before proceeding.
  • Do not open any suspicious links.
  • Make sure to avoid downloading fake or cracked versions of apps.

Also Read: Download Secure Web Filtering – Free E-book

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

PEFT-As-An-Attack, Jailbreaking Language Models For Malicious Prompts

Federated Parameter-Efficient Fine-Tuning (FedPEFT) is a technique that combines parameter-efficient fine-tuning (PEFT) with federated...

Hackers Cloning Websites, Exploiting RCE Flaws To Gain Access To Shopping Platforms

Cybercriminals are leveraging AI-powered phishing attacks, website cloning tools, and RCE exploits to target...

Hackers Exploited Windows Event Logs Tool log Manipulation, And Data Exfiltration

wevtutil.exe, a Windows Event Log management tool, can be abused for LOLBAS attacks. By...

Threat Actors Allegedly Claims Breach of EazyDiner Reservation Platform

Reports have emerged of a potential data breach involving EazyDiner, a leading restaurant reservation...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

PEFT-As-An-Attack, Jailbreaking Language Models For Malicious Prompts

Federated Parameter-Efficient Fine-Tuning (FedPEFT) is a technique that combines parameter-efficient fine-tuning (PEFT) with federated...

Hackers Cloning Websites, Exploiting RCE Flaws To Gain Access To Shopping Platforms

Cybercriminals are leveraging AI-powered phishing attacks, website cloning tools, and RCE exploits to target...

Hackers Exploited Windows Event Logs Tool log Manipulation, And Data Exfiltration

wevtutil.exe, a Windows Event Log management tool, can be abused for LOLBAS attacks. By...