Malware News Ratel RAT targets outdated Android phones in ransomware attacks

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,366
An open-source Android malware named 'Ratel RAT' is widely deployed by multiple cybercriminals to attack outdated devices, some aiming to lock them down with a ransomware module that demands payment on Telegram.

Researchers Antonis Terefos and Bohdan Melnykov at Check Point report detecting over 120 campaigns using the Rafel RAT malware.

Known threat actors conduct some of these campaigns, like APT-C-35 (DoNot Team), while in other cases, Iran and Pakistan were determined as the origins of the malicious activity.

As for the targets, Check Point mentions successful targeting of high-profile organizations, including in government and the military sector, with most victims being from the United States, China, and Indonesia.

In most of the infections Check Point examined, the victims ran an Android version that had reached the end of life (EoL) and was no longer receiving security updates, making it vulnerable to known/published flaws.

That is Android versions 11 and older, which accounted for over 87.5% of the total. Only 12.5% of infected devices run Android 12 or 13.

As for targeted brands and models, there's a mix of everything, including Samsung Galaxy, Google Pixel, Xiaomi Redmi, Motorola One, and devices from OnePlus, Vivo, and Huawei. This proves Ratel RAT is an effective attack tool against an array of different Android implementations.
Ratel RAT is spread via various means, but threat actors are typically seen abusing known brands like Instagram, WhatsApp, e-commerce platforms, or antivirus apps to trick people into downloading malicious APKs.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top