
AFTA Center’s warning about the release of new spy malware



According to an IRNA report citing the AFTA Strategic Management Center, Zimperium announced that this Android spy malware spreads through malicious and adware apps available from unreliable sources, such as advertised VPN apps with the ability to spoof phone numbers.

These malicious and adware apps are often used to verify user accounts for communication and social media applications such as WhatsApp and Telegram. After installation, such an app requests permission to access the device’s settings and, at the same time, installs the malicious code.

Text Me and NumRent are the names of two malicious programs (Trojans) that lead to the installation of RatMilad malware. These two apps are not available in legitimate app stores like Google Play but are distributed on Telegram.

Also, the attackers and developers of RatMilad have created a dedicated website to promote the mobile remote access trojan (RAT) to make their program appear legitimate. This website is promoted through URLs shared on Telegram or other social media and communication platforms.

The task of the RatMilad spy malware is to steal victims’ contact lists, text messages and files, as well as the MAC addresses of Android devices, call logs, user account names and permissions, GPS location data, the file list, SIM card information (mobile number, country, IMEI), the list of installed applications along with their permissions, and device information (model, Android version, brand, etc.).

After the malware collects the stolen data, it sends it to the C&C servers.

In addition to stealing the mentioned information, this malware has other capabilities such as audio recording, uploading files to the C&C server, deleting files and changing permissions.

Considering that the main method of infection with this malware is downloading files from unreliable sources such as Telegram channels, the experts of the AFTA Strategic Management Center recommend that files be downloaded only from reliable and legal sources and that users avoid opening unsafe links.

Specialized news and technical information on the RatMilad malware has been published on the AFTA Strategic Management Center website.
