RatMilad: new Android malware

The security company Zimperium discovered a new kind of malware for Android called “RatMilad”.

The new malware targets mobile devices and is used for cyber espionage, blackmail or to eavesdrop on victims' conversations.

The malware hides behind a fake VPN and spoofing app called “NumRent.”

NumRent is distributed through links on social media as well as through communication apps such as Telegram and WhatsApp. To convince their victims of the app's legitimacy, the scammers created a website that advertises it.

Once installed, RatMilad hides behind a VPN connection and exfiltrates data such as:

  • SMS messages
  • Call logs
  • Data stored in the clipboard
  • Device information (e.g. model, brand, build number, Android version)
  • GPS location data
  • SIM information
  • Contacts
  • List of installed applications

In addition, RatMilad can delete data and upload the victim's files to the command and control server used by the attackers. It can modify app permissions and use the device's microphone to record audio and monitor conversations.

According to Zimperium, the cybercriminals behind RatMilad are targeting victims at random rather than going after specific individuals and businesses.

To protect your Android device from RatMilad and any other malware, avoid downloading apps from third-party app stores. Also, scan for malware frequently with a trusted app and check your app permissions for anything that might look inappropriate.

Indicators of Compromise

Application Names

  • com.example.confirmcode
  • com.example.confirmcodef
  • com.example.confirmcodg

C&C Servers

  • http[://]textme[.]network
  • api[.]numrent[.]shop
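
The following Python sketch is an added example, not part of the original article or of Zimperium's tooling. It checks the package names and C&C hosts listed above against a device's `adb shell pm list packages` output and against DNS log lines. The log format (timestamp, client, queried name) and all sample inputs are constructed assumptions. Package names are matched exactly, because `com.example` is the default namespace of Android project templates and a prefix match would flag unrelated test apps.

```python
import re
from urllib.parse import urlsplit

# IoCs copied from the lists above (C&C entries defanged, as published).
IOC_PACKAGES = {"com.example.confirmcode", "com.example.confirmcodef",
                "com.example.confirmcodg"}
IOC_C2_DEFANGED = ["http[://]textme[.]network", "api[.]numrent[.]shop"]


def refang_host(indicator: str) -> str:
    """Turn a defanged URL or host into a bare lowercase hostname."""
    text = indicator.replace("[.]", ".").replace("[://]", "://")
    if "://" not in text:
        text = "//" + text  # lets urlsplit treat a bare host as the netloc
    return (urlsplit(text).hostname or "").lower()


IOC_HOSTS = {refang_host(i) for i in IOC_C2_DEFANGED}


def flagged_packages(pm_output: str) -> list[str]:
    """Exact-match installed packages from `pm list packages` output."""
    installed = re.findall(r"^package:(\S+)", pm_output, flags=re.M)
    return sorted(p for p in installed if p in IOC_PACKAGES)


def flagged_queries(dns_lines: list[str]) -> list[str]:
    """Return log lines whose queried name is an IoC host or a subdomain."""
    hits = []
    for line in dns_lines:
        name = line.split()[-1].rstrip(".").lower()  # assumed: name is last field
        if any(name == h or name.endswith("." + h) for h in IOC_HOSTS):
            hits.append(line)
    return hits


# Constructed sample inputs (not taken from a real device or network).
SAMPLE_PM = ("package:com.android.chrome\n"
             "package:com.example.confirmcodef\n"
             "package:com.example.confirmcodex\n")
SAMPLE_DNS = [
    "2024-01-01T10:00:01Z 10.0.0.5 api.numrent.shop.",
    "2024-01-01T10:00:02Z 10.0.0.5 textme.network",
    "2024-01-01T10:00:03Z 10.0.0.7 nottextme.network",
]

if __name__ == "__main__":
    print(flagged_packages(SAMPLE_PM))
    print(flagged_queries(SAMPLE_DNS))
```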



Written by giorgos
