Android Spyware ‘RatMilad’ Targets Enterprise Devices in Iran

Security

A newly discovered Android spyware family dubbed ‘RatMilad’ has been observed trying to infect an enterprise device in the Middle East.

The discovery comes from security researchers at Zimperium, who said the original variant of the previously unknown RatMilad spyware hid behind a VPN and phone number spoofing app called Text Me.

After identifying the RatMilad spyware, the Zimperium team also uncovered a live sample of the malware family distributed through NumRent, a graphically updated version of Text Me.

Additionally, the malicious actors reportedly developed a product website advertising the app to socially engineer victims into believing it was legitimate.

From a technical standpoint, the RatMilad spyware is installed by sideloading after a user enables the app to access multiple services. This allows the malicious actors to collect and control aspects of the mobile endpoint.

In particular, following installation, the user is asked to allow access to contacts, phone call logs, device location, media and files, alongside the ability to send and view SMS messages and phone calls. 

Consequently, a successful attack will result in threat actors accessing the camera to take pictures, record video and audio, get precise GPS locations and more.

“Though this is not like other widespread attacks we have seen in the news, the RatMilad spyware and the Iranian–based hacker group AppMilad represent a changing environment impacting mobile device security,” explained Richard Melick, director of mobile threat intelligence at Zimperium.

According to the executive, a growing mobile spyware market is available through legitimate and illegitimate sources, including tools like Pegasus and PhoneSpy

“RatMilad is just one in the mix,” Melick added. “The group behind this spyware attack has potentially gathered critical and private data from mobile devices outside the protection of Zimperium, leaving individuals and enterprises at risk.”

The discovery comes months after Zimperium published its 2022 Global Mobile Threat Report, which suggested a 466% increase in zero–day attacks against mobile devices.

Products You May Like

Articles You May Like

LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages
HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft
US Organizations Still Using Kaspersky Products Despite Ban
Sophisticated TA397 Malware Targets Turkish Defense Sector
Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware

Leave a Reply

Your email address will not be published. Required fields are marked *