DIGITAL LIFE
New Android malware spies on and steals sensitive data
Researchers at Zimperium Labs have discovered a new Android malware called RatMilad, which targets smartphones and used to spy on targets and steal sensitive data. It is malicious software designed for cyber espionage, extortion and also to intercept any victim's conversation.
At the moment, it appears that malware is mostly prevalent in the Middle East, and the stolen data can be used to access private corporate systems, blackmail a victim, and more. Additionally, according to Zimperium Labs, bad actors can download stolen materials and gather sensitive information to carry out “malicious practices.”
Malware steals data from Android smartphones...Malware can perform various types of operations on the victim's device, hiding behind a VPN connection that is difficult to detect. The list of information it can retrieve is long: basic information (model, brand, Android version installed), device MAC address, contact list, text messages, call history, account, list of installed apps with relative permissions , clipboard data, geolocation data, SIM information (including IMEI), file list and content.
Currently RatMilad is spread via a fake virtual number generator called NumRent, which in turn is distributed with messaging apps (mostly Telegram). RatMilad is currently not transmitted via Google Play Store or third-party store apps: at first it requires risky permissions and then abuses them (once obtained) to carry the malicious payload.
To make it more credible, the actors behind the malware created an official NumRent website(image above), also promoted via Telegram or other social platforms. In addition to stealing user files, the malware can also delete them or change the permissions of installed apps and can gain access to microphones and intercept conversations that take place on the victim's device.
“Spywares like RatMilad are designed to run silently in the background, constantly spying on their victims without arousing suspicion” writes Zimperium sul official report: “We believe that the malicious actors responsible for RatMilad acquired the code from the AppMilad group and integrated it into an application fake to distribute to innocent victims.”
At the moment, fraudulent operators are distributing the malware to a very random and not well-targeted audience. The Telegram post where NumRent was promoted has just under 5k views and has been shared 200 times. The very simple advice: avoid installing apps with dubious APKs or, better yet, install them only from the Play Store.
mundophone
No comments:
Post a Comment