Mobile security firm Zimperium has discovered a new strain of Android malware called 'RatMilad' targeting mobile devices in the Middle East. According to the company, the malware is being used for cyber espionage, extortion, or to eavesdrop on victims' conversations.
The malware is hidden behind a fraudulent VPN and phone number spoofing app called "NumRent." NumRent is distributed via links on social media as well as communication apps like Telegram and WhatsApp. To convince people of the app's legitimacy, the cybercriminals behind it created a website advertising the app.
Once installed, RatMilad hides behind a VPN connection and exfiltrates data such as:
- SMS messages
- Call logs
- Clipboard data
- Device information (e.g., model, brand, build number, Android version)
- GPS location data
- SIM information
- Contacts
- Installed applications list
What's more, RatMilad can delete data and upload files to its command-and-control server, modify app permissions, and use the device's microphone to record audio and eavesdrop on conversations.
According to Zimperium, the cybercriminals behind RatMilad are following a random-target approach instead of targeting certain individuals and businesses.
To protect your Android device from RatMilad and other malware, avoid downloading apps from third-party app stores. Also, scan for malware frequently and review your apps' permissions for anything that might seem out of place.