RatMilad Spyware Scurries onto Enterprise Android Phones

upnorth

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Content source
https://www.darkreading.com/mobile/ratmilad-spyware-scurries-enterprise-android-phones
Attackers have been using a new spyware against enterprise Android devices, dubbed RatMilad and disguised as a helpful app to get around some countries' Internet restrictions.

For now, the campaign is operating in the Middle East in a broad effort to gather victims' personal and corporate information, according to researchers from Zimperium zLabs. The original version of RatMilad hid behind a VPN- and phone-number-spoofing app called Text Me, researchers revealed in a blog post published Wednesday. The app's function is purportedly to enable a user to verify a social media account through his or her phone — "a common technique used by social media users in countries where access might be restricted or that might want a second, verified account," Zimperium zLabs researcher Nipun Gupta wrote in the post.

More recently, however, researchers discovered a live sample of the RatMilad spyware being distributed through NumRent, a renamed and graphically updated version of Text Me, via a Telegram channel, he said. Its developers also have created a product website for advertising and distributing the app, to try to fool victims into believing it is legitimate.
Click to expand...
Once deployed, RatMilad accesses like an advanced remote access Trojan (RAT) that receives and executes commands to collect and exfiltrate a variety of data and perform a range of malicious actions, researchers said.

"Similar to other mobile spyware we have seen, the data stolen from these devices could be used to access private corporate systems, blackmail a victim, and more," Gupta wrote. "The malicious actors could then produce notes on the victim, download any stolen materials, and gather intelligence for other nefarious practices." From an operational perspective, RatMilad performs various requests to a command-and-control server based on certain jobID and requestType, and then dwells and lies in wait indefinitely for the various tasks it can perform to execute on the device, researchers said. Ironically, researchers initially noticed the spyware when it failed to infect a customer's enterprise device.
Click to expand...
www.darkreading.com

RatMilad Spyware Scurries onto Enterprise Android Phones

A novel mobile malware found lurking behind a phone-spoofing app is being distributed via Telegram and a dedicated website, in a broad operation to monitor corporate victims.
www.darkreading.com www.darkreading.com
 
  • Like
  • +Reputation
Reactions: vtqhtr413, Gandalf_The_Grey, harlan4096 and 1 other person
You must log in or register to reply here.

Similar threads

Ink
    • +Reputation
    • Like
    • Wow
CanesSpy Spyware discovered in modified WhatsApp clients
Replies
1
Views
958
News Archive
Ink
Ink
MuzzMelbourne
    • +Reputation
    • Like
Predator: Looking under the hood of Intellexa’s Android spyware
Replies
6
Views
2,214
News Archive
vtqhtr413
vtqhtr413
silversurfer
    • Like
    • +Reputation
    • Thanks
SpyNote: Beware of This Android Trojan that Records Audio and Phone Calls
Replies
0
Views
1,004
News Archive
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top