RatMilad: new Android malware

The security company Zimperium has discovered a new kind of Android malware called "RatMilad".

The new malware targets mobile devices and is used for cyber espionage, blackmail or to eavesdrop on victims' conversations.

The malware hides behind a fake VPN and spoofing app called “NumRent.”

The NumRent app is distributed through links on social media as well as through communication applications such as Telegram and WhatsApp. To convince their victims of the app's legitimacy, the scammers created a website that advertises it.

Once installed, RatMilad hides behind a VPN connection and extracts data such as:

  • SMS messages
  • Call logs
  • Data stored in the clipboard
  • Device information (e.g. model, brand, build number, Android version)
  • GPS location data
  • SIM information
  • Contacts
  • List of installed applications

In addition, RatMilad can delete data and upload the victim's files to the command and control server used by the attackers. It can modify app permissions and use the device's microphone to record audio and monitor conversations.

According to Zimperium, the cybercriminals behind RatMilad pick their targets at random rather than going after specific individuals and businesses.

To protect your Android device from RatMilad and any other malware, avoid downloading apps from third-party app stores. Also, scan for malware frequently with a trusted app and check your app permissions for anything that might look inappropriate.

Indicators of Compromise

Application Names

  • com.example.confirmcode
  • com.example.confirmcodef
  • com.example.confirmcodg

C&C Servers

  • http[://]textme[.]network
  • api[.]numrent[.]shop
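
The application names and C&C servers listed above can be matched against DNS or app-inventory logs. The following is an added example, not code from Zimperium or from this article; the key=value log format, the device IDs and the sample lines are constructed assumptions.

```python
from urllib.parse import urlsplit

# Indicators as published on this page (kept defanged in source).
C2_DEFANGED = ["http[://]textme[.]network", "api[.]numrent[.]shop"]
PACKAGES = {"com.example.confirmcode", "com.example.confirmcodef",
            "com.example.confirmcodg"}

def refang(ioc):
    """Turn a defanged indicator into a bare lowercase hostname."""
    s = ioc.replace("[://]", "://").replace("[.]", ".")
    host = urlsplit(s if "://" in s else "//" + s).hostname
    return host.lower().rstrip(".")

C2_HOSTS = {refang(i) for i in C2_DEFANGED}

def normalize(host):
    """Lowercase and drop the trailing root dot seen in DNS logs."""
    return host.lower().rstrip(".")

def host_matches(host):
    """Match a listed host or its subdomains, on label boundaries only."""
    host = normalize(host)
    return any(host == c2 or host.endswith("." + c2) for c2 in C2_HOSTS)

def scan(lines):
    """Return (device, kind, value) for each log line that hits an indicator."""
    hits = []
    for line in lines:
        f = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        device = f.get("device", "?")
        if host_matches(f.get("query", "")):
            hits.append((device, "c2_host", normalize(f["query"])))
        # Exact match only: com.example.* is a common placeholder prefix.
        if f.get("package") in PACKAGES:
            hits.append((device, "package", f["package"]))
    return hits

# Constructed sample lines in a hypothetical key=value log format.
SAMPLE = [
    "device=a1 type=dns query=TextMe.Network.",
    "device=a1 type=dns query=nottextme.network",
    "device=b2 type=dns query=api.numrent.shop",
    "device=b2 type=dns query=api.numrent.shop.example.org",
    "device=c3 type=app package=com.example.confirmcodef",
    "device=c3 type=app package=com.example.confirmcodex",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Lookalike hosts and near-miss package names in the sample are deliberately not reported, since substring matching on these indicators would produce false positives.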

SHA-256 Hashes


iGuRu.gr The Best Technology Site in Greece


Written by giorgos
