A new Android malware called RatMilad has been discovered which is initially targeting mobile devices in the Middle East. This spyware, which works stealthily in the background without being suspected by its victims , is used to spy and steal data.
The mobile security firm Zimperium discovered this new malware capable of recording your conversations, accessing your data, spying on you and even deleting information on your smartphone if you fall into its clutches. That is, if you download and install it, so do not fall. Although for now it has not reached our region, it could, so be careful.
It is not found in the Play Store or third-party stores, so the main distribution channel for this Trojan is Telegram. Also, they have created a website to promote it to make it look more convincing and fool more people. This website is promoted through links on Telegram, other social networks and messaging apps, so do not directly access the links that reach you through these channels.
One of its main features is that it can steal data to blackmail victims, access private corporate systems, and many other uses. Those who want to give it cybercriminals!
What is NumRent and how does it affect its victims?
The spyware is distributed via a fake virtual number generator used to activate social media accounts called NumRent. When installed, the app requests risky permissions and uses them precisely to download the RatMilad malicious payload.
After being installed on a victim’s device, RatMilad hides behind a VPN connection and tries to steal the following data:
- Basic device information (model, brand, buildID, Android version)
- Device MAC address
- Account names and permissions
- List of installed apps and permissions
- Data from the clipboard of your mobile
- GPS location data
- SIM information (number, country, IMEI, state)
- Contact list
- SMS
- call logs
- file list
- file content
Not only that, but it can steal and delete files , modify permissions in the installed app and even use the microphone to listen to your conversations and record audio .
With this, they can steal personal data, photos, videos, private communications, corporate information and much more and give it the use they want… Even the most illegitimate.
Hundreds of victims, which could be more
For now, the Telegram channel used to distribute this virus has been viewed more than 4,700 times and had more than 200 external actions, but it could have many more victims over time and become more dangerous. It should also be borne in mind that it can be reached by other means and even be displayed on its own website.
Take extreme precautions on your mobile. Do not download apps outside the Play Store, have a good antivirus and do not open links from conversations on social networks, Telegram, WhatsApp or other media.
Also, check the permissions that are requested in the installations of apps that you do to see that there is nothing that raises suspicions.
There are many dangers that lie in wait for us on our smartphones, more and more, so it is important to be careful.