A new strain of Android malware, known as "RatMilad", is being used in the Middle East to steal data and spy on victims via malicious apps.

New Android Malware Is Being Used in the Middle East

"RatMilad", a new type of Android malware, is now being used within the Middle East to spy on victims via their smartphones and steal data. RatMilad is a kind of spyware, a class of malware used to spy on victims through their devices. It is capable of recording both video and audio, giving the attackers the ability to listen in on private conversations and conduct remote surveillance.

On top of this, RatMilad allows malicious actors to change application permissions on victims' devices.

RatMilad is infecting devices via phony VPN and number-spoofing apps called Text Me and NumRent. These apps are being spread through links on social media, meaning almost anyone could be exposed to RatMilad. Once the phony app is installed on the device, RatMilad can start stealing data and spying on victims. It is being used in this campaign by an Iranian hacker group known as AppMilad.

RatMilad First Found by Mobile Security Firm

The RatMilad malware strain was first discovered by Zimperium, a mobile security firm. The company tweeted on October 5th, 2022, that its research team had discovered RatMilad, which was active in the Middle East.

Zimperium stated in a blog post that hackers can "sideload the fake toolset and enable significant permissions on the device" once the RatMilad spyware is active. In the same post, Zimperium said that it had not found any RatMilad-infected apps within the Android store. Instead, download links are being shared through social media outlets such as Telegram.

RatMilad Can Access All Kinds of Data

Using the RatMilad spyware, attackers can get their hands on various kinds of information on a victim's device. This is because RatMilad can act as a Remote Access Trojan (RAT), which contributes to its name. Zimperium stated in the aforementioned blog post that RatMilad can access contact lists, call logs, SMS lists, device information, and file lists. Even a victim's SIM card information can be accessed, as well as the device's GPS location.

RatMilad Poses a Significant Threat to Android Users

With the array of malicious functions that RatMilad can carry out, it is undoubtedly a very dangerous program. Though RatMilad has only been recorded in use within the Middle East at the time of writing, we may see it spread elsewhere in the coming months.