RatMilad Malware Spotted Targeting Mobile Devices
A research team with mobile security company Zimperium recently spotted a new malware targeting Android-based mobile devices. The new strain is called RatMilad and was used primarily in attacks on devices located in the Middle Eastern region and used by corporate entities.
While tracking the malware's history, Zimperium discovered its earlier version was disguised as an app that claimed to provide spoofed phone numbers used for social platform verification. The latest version Zimperium discovered was distributed inside an app named NumRent, implying a similar type of number spoofing service, with the application being a visual refresh of the older spoofing app called Text Me.
Upon installation, the malicious carrier app asks for a ton of permissions, including accessing contacts, location, logs, files and media as well as messages and voice calls.
The application carrying the RatMilad payload is not distributed through the Google Play Store. Instead, the threat actors behind the malware use social engineering and malicious advertising to encourage victims to download the malicious package through third-party websites and locations.
Once deployed, the malware can steal a significant number of data sets from the device and lead to serious privacy issues.