SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
AI
#
Breach Prevention
#
Cybersecurity
Zimperium warns enterprises about new android spyware threat
Thu, 6th Oct 2022
FYI, this story is more than a year old
Author image
By Mitchell Hageman, Managing Editor
Follow us

Zimperium has uncovered a new type of android spyware on an enterprise device dubbed ‘RatMilad’.

This new mobile trojan is said to be capable of malicious actions including reading, writing and deleting files, recording sound, and setting new application permissions. 

It was discovered in the Middle East by Zimperium’s research team after a failed infection of an enterprise device that was protected by Zimperium’s on-device machine-learning malware engine.

The company says the original variant of the previously unknown RatMilad spyware hid behind a VPN and phone number spoofing app called Text Me. 

After identifying the RatMilad spyware, the research team also discovered a live sample of the malware family hiding behind and distributed through NumRent, which is a renamed and graphically updated version of Text Me.

As of yet, the RatMilad spyware has not been found in any Android app store. Evidence shows the Iranian-based hacker group AppMilad used links on social media and communications tools, including Telegram, to distribute and encourage users to sideload the fake toolset and enable significant permissions on their device. 

The malicious actors have also developed a product website advertising the app, a ploy used to socially engineer victims into believing it is legitimate.

 After a user enables the app to access multiple services, the novel RatMilad spyware is installed by sideloading, enabling the malicious actor behind this instance to collect and control aspects of the mobile endpoint. 

The user is then asked to allow almost complete access to the device, with requests to view contacts, phone call logs, device location, media, and files, as well as send and view SMS messages and phone calls. 

Once installed and in control, the attackers can access the camera to take pictures, record video and audio, get precise GPS locations, and more.

Richard Melick, Director of Mobile Threat Intelligence at Zimperium, says that while spyware threats are increasingly common, this new threat from AppMilad shows how rapidly the mobile security environment is changing and that users may be significantly at risk.

“Though this is not like other widespread attacks we have seen in the news, the RatMilad spyware and the Iranian-based hacker group AppMilad represent a changing environment impacting mobile device security,” he says.

“From Pegasus to PhoneSpy, there is a growing mobile spyware market available through legitimate and illegitimate sources, and RatMilad is just one in the mix. The group behind this spyware attack has potentially gathered critical and private data from mobile devices outside the protection of Zimperium, leaving individuals and enterprises at risk.”

Related stories
Business leaders anxious over data security – report
Half of online traffic in 2024 generated by bots, report finds
Axis unveils hybrid cloud platform for adaptable security solutions
Understanding the key to boosting cybersecurity habits: Kaspersky study
Keeper Security launches user-friendly passphrase generator
Top stories
Fortinet recognised as Challenger in Gartner's 2024 Magic Quadrant for SSE
Coalition integrates cyber risk platform with top cloud services providers
i-PRO to support Genetec SaaS with new AI-enabled camera models
Illumio unveils AI enhancements for faster Zero Trust Segmentation adoption
RiverSafe teams up with Cribl to boost IT & data security services