The security company Zimperium has discovered a new kind of Android malware called “RatMilad”.
The new malware targets mobile devices and is used for cyber espionage, blackmail or to eavesdrop on victims' conversations.

The malware hides behind a fake VPN and spoofing app called “NumRent.”
The NumRent app is distributed through links on social media as well as through communication applications such as Telegram and WhatsApp. To convince their victims of the app's legitimacy, the scammers created a website that advertises it.
Once installed, RatMilad hides behind a VPN connection and extracts data such as:
- SMS messages
- Call logs
- Data stored in the clipboard
- Device information (e.g. model, brand, build number, Android version)
- GPS location data
- SIM information
- Contacts
- List of installed applications
In addition, RatMilad can delete data and upload the victim's files to the command and control server used by the attackers. It can modify app permissions and use the device's microphone to record audio and monitor conversations.
According to Zimperium, the cybercriminals behind RatMilad are targeting victims at random rather than going after specific individuals and businesses.
To protect your Android device from RatMilad and any other malware, avoid downloading apps from third-party app stores. Also, scan for malware frequently with a trusted app and check your app permissions for anything that might look inappropriate.
Indicators of Compromise
Application Names
- com.example.confirmcode
- com.example.confirmcodef
- com.example.confirmcodg
C&C Servers
- http[://]textme[.]network
- api[.]numrent[.]shop
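The package names and C&C hosts listed above can be checked against a device's package inventory and against DNS or proxy logs. The following is an added example, not code from Zimperium or from the original article; the function names, the `pm list packages` input and the log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Indicators copied from the lists above, kept defanged as published.
IOC_PACKAGES = {"com.example.confirmcode", "com.example.confirmcodef",
                "com.example.confirmcodg"}
IOC_HOSTS_DEFANGED = ["http[://]textme[.]network", "api[.]numrent[.]shop"]

def refang(indicator):
    """Turn a defanged URL or host into a bare lowercase hostname."""
    s = indicator.replace("[.]", ".").replace("[://]", "://")
    host = urlsplit(s if "://" in s else "//" + s).hostname
    return (host or "").lower().rstrip(".")

IOC_HOSTS = {refang(h) for h in IOC_HOSTS_DEFANGED}

def flagged_packages(pm_output):
    """Parse `adb shell pm list packages` output; exact name matches only."""
    installed = {line.split(":", 1)[1].strip()
                 for line in pm_output.splitlines()
                 if line.startswith("package:")}
    return sorted(installed & IOC_PACKAGES)

def host_matches(host):
    """True if host equals an IoC host or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in IOC_HOSTS)

def flagged_log_lines(lines):
    """Return log lines containing a hostname that matches an IoC host."""
    token = re.compile(r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
    return [l for l in lines if any(host_matches(t) for t in token.findall(l))]

# Constructed sample input (not taken from a real device or network).
SAMPLE_PM = """package:com.android.chrome
package:com.example.confirmcodef
package:com.example.confirmcodes
"""
SAMPLE_DNS = [
    "2022-10-06T10:01:02Z 10.0.0.23 A api.numrent.shop",
    "2022-10-06T10:01:05Z 10.0.0.23 A textme.network.example.org",
    "2022-10-06T10:01:09Z 10.0.0.23 A cdn.textme.network",
]

if __name__ == "__main__":
    print("packages:", flagged_packages(SAMPLE_PM))
    for line in flagged_log_lines(SAMPLE_DNS):
        print("network:", line)
```

Matching on the parsed hostname rather than on a substring keeps look-alike names such as `textme.network.example.org` from being flagged. A package-name hit is a triage signal only and should be confirmed against the APK's SHA-256 hash.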
SHA-256 Hashes
