Home>Blog>The Hacker News Headlines>Experts Warn of New RatMilad Android Spyware Targeting Enterprise Devices
The Hacker News Headlines

Experts Warn of New RatMilad Android Spyware Targeting Enterprise Devices

RatMilad Android Spyware

A novel Android malware called RatMilad has been observed
targeting a Middle Eastern enterprise mobile device by concealing
itself as a VPN and phone number spoofing app.

The mobile trojan functions as advanced spyware with
capabilities that receives and executes commands to collect and
exfiltrate a wide variety of data from the infected mobile
endpoint, Zimperium said[1]
in a report shared with The Hacker News.

Evidence gathered by the mobile security company shows that the
malicious app is distributed through links on social media and
communication tools like Telegram, tricking unsuspecting users into
sideloading the app and granting it extensive permissions.

CyberSecurity

The idea behind embedding the malware within a fake VPN and
phone number spoofing service is also clever in that the app claims
to enable users to verify social media accounts via phone, a
technique popular in countries where access is restricted.

“Once installed and in control, the attackers could access the
camera to take pictures, record video and audio, get precise GPS
locations, view pictures from the device, and more,” Zimperium
researcher Nipun Gupta said.

Other features of RatMilad make it possible for the malware to
amass SIM information, clipboard data, SMS messages, call logs,
contact lists, and even perform file read and write operations.

Zimperium hypothesized that the operators responsible for
RatMilad acquired source code from an Iranian hacker group dubbed
AppMilad and integrated it into a fraudulent app for distributing
it to unwitting users.

The scale of the infections is unknown, but the cybersecurity
company said it detected the spyware during a failed compromise
attempt of a customer’s enterprise device.

CyberSecurity

A post shared on a Telegram channel used to propagate the
malware sample has been viewed over 4,700 times with more than 200
external shares, indicating a limited scope.

“The RatMilad spyware and the Iranian-based hacker group
AppMilad represent a changing environment impacting mobile device
security,” Richard Melick, director of mobile threat intelligence
at Zimperium, said.

“From Pegasus[2]
to PhoneSpy[3], there is a growing
mobile spyware market available through legitimate and illegitimate
sources, and RatMilad is just one in the mix.”

References

  1. ^
    said
    (www.zimperium.com)
  2. ^
    Pegasus
    (thehackernews.com)
  3. ^
    PhoneSpy
    (thehackernews.com)

Read more

Leave a Reply

Powered By Anakyst UK Work done easy Discover Great Places People Websites in Nigeria. Be Discovered and Discover Great Places People Products & Websites in Nigeria. Tell us what you need to advertise online onradio ontv and where you want to advertise and discover talented publishers and advertisers within minutes for just a fraction of the cost!JobScout | Developed By Rara Theme. Powered by WordPress.