A new Android spyware, dubbed ‘RatMilad’, has been discovered that steals data from infected devices and records audio. The malware was reported by the mobile security firm Zimperium.
“Like other mobile spyware we’ve seen, data stolen from these devices could be used to access private corporate systems, blackmail the victim and much more,” according to Zimperium, which says that after stealing information, hackers can produce notes about the victim, download any stolen material, and gather information for other practices, such as extortion.
How it spreads
The spyware is distributed through “NumRent”, a fake virtual number generator app of the kind used to activate social media accounts. Once installed, the app requests dangerous permissions and then abuses them to sideload the RatMilad payload. So far the activity is known to be concentrated in the Middle East.
The main distribution channel for the fake app is Telegram, since neither NumRent nor the other Trojans carrying RatMilad are available on the Google Play Store or third-party stores. The RatMilad threat actors have also created a website dedicated to promoting the mobile Remote Access Trojan (RAT) to make the app look more convincing.
Once installed on the victim’s device, RatMilad hides behind a VPN connection and attempts to steal data such as basic device information (model, brand, build ID, Android version); the contact list; SMS messages; call logs; the list of installed applications and their permissions; GPS location data; SIM information (number, country, IMEI, status); and file contents, among other things.
RatMilad can also act on files, deleting or exfiltrating them, change the permissions of installed applications, and use the device’s microphone to record audio.
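The capabilities listed above (contacts, SMS, call logs, location, SIM/IMEI data, microphone, files, sideloading a second payload, and a VPN service to hide traffic) each require specific entries in an app's AndroidManifest.xml. The following triage script is an added example, not code from Zimperium or from the RatMilad campaign: it parses a manifest, maps declared permissions to those capabilities, and flags an app whose permission set goes well beyond what its stated purpose needs. The two manifests, the package names (`com.example.numgen`, `com.example.flashlight`), the capability-to-permission map, the `expected_caps` set for a "virtual number" app, and the threshold of four unexpected capabilities are all assumptions constructed for illustration.

```python
"""Manifest-based triage for RatMilad-style spyware capabilities.

Added example (not Zimperium's or RatMilad's code). The manifests below are
constructed for illustration; the package names are placeholders.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ATTR_NAME = f"{{{ANDROID_NS}}}name"
ATTR_PERMISSION = f"{{{ANDROID_NS}}}permission"

# Capabilities described for RatMilad, mapped to the runtime/install-time
# permissions an app must declare to obtain them on a stock Android device.
# (Assumption: this map is the editor's reading of the capability list.)
CAPABILITY_PERMISSIONS = {
    "contacts": {"android.permission.READ_CONTACTS"},
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "call_logs": {"android.permission.READ_CALL_LOG"},
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "sim_and_imei": {"android.permission.READ_PHONE_STATE"},
    "microphone": {"android.permission.RECORD_AUDIO"},
    "files": {"android.permission.READ_EXTERNAL_STORAGE",
              "android.permission.WRITE_EXTERNAL_STORAGE",
              "android.permission.MANAGE_EXTERNAL_STORAGE"},
    "installed_apps": {"android.permission.QUERY_ALL_PACKAGES"},
    # Needed to sideload a second APK (the RatMilad payload) from the dropper.
    "sideload_payload": {"android.permission.REQUEST_INSTALL_PACKAGES"},
}

# Constructed manifest of a "virtual number generator" dropper (hypothetical).
SPYWARE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.numgen">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <application>
    <service android:name=".TunnelService"
             android:permission="android.permission.BIND_VPN_SERVICE"/>
  </application>
</manifest>"""

# Constructed manifest of a benign app for comparison (hypothetical).
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""


def declared_permissions(root):
    """Set of permission names from <uses-permission> elements."""
    return {el.get(ATTR_NAME) for el in root.iter("uses-permission") if el.get(ATTR_NAME)}


def declares_vpn_service(root):
    """True if any <service> is guarded by BIND_VPN_SERVICE, i.e. the app can
    register itself as the device VPN and route traffic through its tunnel."""
    return any(svc.get(ATTR_PERMISSION) == "android.permission.BIND_VPN_SERVICE"
               for svc in root.iter("service"))


def capabilities(root):
    """Sorted capability names whose permission set intersects the manifest."""
    declared = declared_permissions(root)
    return sorted(cap for cap, perms in CAPABILITY_PERMISSIONS.items() if declared & perms)


def triage(manifest_xml, expected_caps=frozenset(), threshold=4):
    """Compare declared capabilities against what the app's stated purpose
    needs; flag it when too many are unexplained."""
    root = ET.fromstring(manifest_xml)
    caps = capabilities(root)
    unexpected = [c for c in caps if c not in expected_caps]
    return {
        "package": root.get("package"),
        "capabilities": caps,
        "unexpected": unexpected,
        "vpn_service": declares_vpn_service(root),
        "suspicious": len(unexpected) >= threshold,
    }


if __name__ == "__main__":
    # A virtual-number app might plausibly read SMS for verification codes,
    # but nothing else in this list (assumption).
    print(triage(SPYWARE_MANIFEST, expected_caps={"sms"}))
    print(triage(BENIGN_MANIFEST))
```

On a real device the same check can be run against the output of `aapt dump permissions app.apk` or `adb shell dumpsys package <pkg>`; the point is that a number-generator pretext does not explain contacts, call logs, microphone, location and package installation together, and a VPN service in such an app is a further red flag.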
According to the company, “we believe that the malicious actors responsible for RatMilad acquired the code from the AppMilad group and integrated it into a fake application for distribution to unsuspecting victims.” Zimperium concludes that the RatMilad operators are targeting victims at random rather than running a focused campaign.