A new Android malware was detected, and it was reportedly capable of stealing data and reading conversations. The spyware was called RatMilad and is taking advantage of users that are just trying to get verified on social media.
Zimperium Security Firm was Able to Discover the RatMilad Spyware Functioning as a Remote Access Trojan
The story was first reported on Bleeping Computer, noting that a mobile security firm known as Zimperium was able to discover the new RatMilad spyware. The new spyware was described as not a typical malware and that it functions as a Remote Access Trojan or RAT.
The RAT is capable of stealing massive amounts of data from its victim and can even spy on the conversations of the victim. During its discovery, it was found that the RatMilad was widely used in the Middle East, but its spyware could easily come to the US or even other countries.
Ratmilad Could Help Attackers Blackmail Victims or 'Commit Cyber Espionage'
The spyware was described as particularly useful, especially when it came to gathering potential victims' data. Through the use of the RatMilad, an attacker could easily use the information to blackmail the victim or even use the information to "commit cyber espionage."
According to the story by Tom's Guide, the original version of the RatMilad was able to spread the web through a fake phone spoofing app known as Text Me. The app was updated over the years, with the cybercriminals behind it changing its name to NumRent.
RatMilad had Its Own Website for the Fake Android App
The apps are reportedly used in strict countries that have policies that ban the total use of social media. To take things a step further, RatMilad even has its own website, which was created by cybercriminals in order to promote the fake Android app.
The links were then reportedly shared on Telegram along with other social media websites in order to trick users into thinking it is legitimate. Once users fall for it, they then download and install the fake app and this is how the RatMilad spreads.
Read Also: Optus Data Situation Leads to iOS 16 Users Urged to Take a Security Check
The spyware was Viewed Over 4,700 Times on Telegram with 200 External Shares
Zimperium released a blog post sharing that the cybercriminals Telegram channel that was used to promote the Android app was already viewed over 4,700 times. To make things worse, the link already had over 200 external shares.
Once the spyware is installed, RatMilad craftily hides behind a VPN in order for it to avoid detection. It then proceeds to gather information like contacts, call logs, GPS location data, text messages, and other potentially important information.
The article by Tom's Guide notes that the best way to not fall victim to these fake Android apps that contain spyware is to strictly download apps coming from the official Google Play Store, Amazon Appstore or other app stores like the Samsung Galaxy Store to avoid higher risks of getting infected.
Related Article: Avast Releases FREE Ransomware Decryptor for Hades Variant - Here's How to Get
This article is owned by Tech Times
Written by Urian B.