Experts Warn of New RatMilad Android Spyware Targeting Enterprise Devices

A novel Android malware called RatMilad has been observed targeting a Middle Eastern enterprise mobile device by concealing itself as a VPN and phone number spoofing app.

The mobile trojan functions as advanced spyware with capabilities to receive and execute commands to collect and exfiltrate a wide variety of data from the infected mobile endpoint, Zimperium said in a report shared with The Hacker News.

Evidence gathered by the mobile security company shows that the malicious app is distributed through links on social media and communication tools like Telegram, tricking unsuspecting users into sideloading the app and granting it extensive permissions.

The idea behind embedding the malware within a fake VPN and phone number spoofing service is also clever in that the app claims to enable users to verify social media accounts via phone, a technique popular in countries where access is restricted.

“Once installed and in control, the attackers could access the camera to take pictures, record video and audio, get precise GPS locations, view pictures from the device, and more,” Zimperium researcher Nipun Gupta said.

Other features of RatMilad make it possible for the malware to amass SIM information, clipboard data, SMS messages, call logs, contact lists, and even perform file read and write operations.

Zimperium hypothesized that the operators responsible for RatMilad acquired source code from an Iranian hacker group dubbed AppMilad and integrated it into a fraudulent app for distributing it to unwitting users.

The scale of the infections is unknown, but the cybersecurity company said it detected the spyware during a failed compromise attempt of a customer’s enterprise device.

A post shared on a Telegram channel used to propagate the malware sample has been viewed over 4,700 times with more than 200 external shares, indicating a limited scope.

“The RatMilad spyware and the Iranian-based hacker group AppMilad represent a changing environment impacting mobile device security,” Richard Melick, director of mobile threat intelligence at Zimperium, said.

“From Pegasus to PhoneSpy, there is a growing mobile spyware market available through legitimate and illegitimate sources, and RatMilad is just one in the mix.”
