Saturday, December 2, 2023

New Powerful RatMilad Malware Steals Almost Every Data From Android Device

A new Android spyware called RatMilad has been discovered by researchers at the security company Zimperium Labs. There have been observations of this spyware targeting enterprise mobile devices in the Middle East with the purpose of spying on and stealing user data. 

As a result of this intrusion, private corporate systems can be accessed, blackmailed, or other malicious uses can be made. 

In this way, malicious actors may be enabled to create notes about the victim, download any materials that have been stolen, and gather information for other criminal activities.


In order to distribute spyware, a fake NumRent virtual number generator is used. The malware downloads the malicious RatMilad payload after being installed and then requests suspicious permissions from the user.

According to the report, The fake app is primarily distributed through Telegram, which is one of the main distribution channels. The Google Play Store and other third-party stores do not currently offer NumRent or other droppers as a means of downloading RatMilad.

In order to promote the mobile RAT, RatMilad also created a dedicated website to increase the visibility of the app as well as make it seem more credible.

Several social networks such as Telegram as well as other platforms are used to advertise this website.

Capabilities of RatMilad

RatMilad spyware has the following capabilities:-

  • MAC Address of Device
  • Contact List
  • SMS List
  • Call Logs
  • Account Names and Permissions
  • Clipboard Data
  • GPS Location Data
  • MobileNumber
  • Country
  • IMEI
  • Simstate
  • File list
  • Read Files
  • Write Files
  • Delete Files
  • Sound Recording
  • File upload to C&C
  • List of the installed apps, along with their permissions.
  • Set new app permissions.
  • Model
  • Brand
  • buildID
  • Android version
  • Manufacturer

In order to make its installation as seamless as possible, RatMilad spyware runs in the background silently without attracting suspicion. 

Moreover, from the AppMilad Telegram channel, the operators of the RatMilad spyware received the source code. 

There were more than 4,700 views of the Telegram channel used for the distribution of the spyware and there were more than 200 external shares of the Telegram channel as well.

While security experts at Zimperium have found that RatMilad operators do not engage in targeted attack campaigns and as they only attack random targets.

You can read more android malware activities here.


Here below we have mentioned all the recommendations recommended by the experts:-

  • Always prefer the official app store (Google Play Store) to download any application.
  • The first thing you should do after downloading an APK is to run an antivirus scan on it.
  • The permissions requested during installation should be carefully reviewed before proceeding.
  • Do not open any suspicious links.
  • Make sure to avoid downloading fake or cracked versions of apps.

Also Read: Download Secure Web Filtering – Free E-book


Latest articles

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles