UPDATED 07:00 EDT / OCTOBER 05 2022

New ‘RatMilad’ Android spyware targets enterprise devices in the Middle East

Researchers at mobile security company Zimperium Inc.’s zLabs today detailed a newly discovered form of Android spyware that is being used to target enterprise devices in the Middle East.

Dubbed “RatMilad,” the original variant of the spyware was found hidden behind a virtual private networking and phone number spoofing app called Text Me. After identifying the RatMilad spyware, the zLabs team also discovered a live sample of the malware family hiding behind and distributed through NumRent, a renamed and graphically updated version of Text Me.

Digging into the spyware, the researchers found evidence linking RatMilad to the Iran-based hacker group AppMilad. The ties to the group were discovered through links on social media and communications tools, including Telegram, used to distribute the fake toolset and to encourage users to sideload it and grant it significant permissions on their device. The malicious actors were also found to have built a product website advertising the app in order to “socially engineer” victims into believing it is legitimate.

When a user allows either Text Me or NumRent to access multiple services, RatMilad spyware is installed by sideloading, enabling the malicious actor to collect and control aspects of the mobile endpoint.

The user is asked to allow almost complete access to the device, with requests to view contacts, phone call logs, device location, media and files, as well as send and view SMS messages and phone calls. Once installed and in control, those behind AppMilad can access a phone’s camera to take pictures, record video and audio, obtain GPS locations and more.

“Though this is not like other widespread attacks we have seen in the news,” explained Richard Melick, director of mobile threat intelligence at Zimperium. “The RatMilad spyware and the Iranian-based hacker group AppMilad represent a changing environment impacting mobile device security. From Pegasus to PhoneSpy, there is a growing mobile spyware market available through legitimate and illegitimate sources and RatMilad is just one in the mix.”

Melick added that the group behind this spyware attack has potentially gathered critical and private data from mobile devices, leaving individuals and enterprises at risk.

To ensure Android users are protected from RatMilad, the researchers recommend a quick risk assessment and that admins review which apps have been sideloaded onto devices, since such apps expand the mobile attack surface and leave data and users at risk.
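As an added, defender-side illustration of the sideload review the researchers recommend (example code, not from Zimperium or the article): a Python triage script that flags apps not installed from a trusted store and holding most of the permission set described above. The package names and adb output embedded below are constructed; the permission constants are the real Android names for the access the article lists (contacts, call log, location, media/files, SMS, phone, camera, microphone).

```python
import re

# Real android.permission.* names for the access the article lists.
SPYWARE_PROFILE = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.CALL_PHONE",
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; extend for an MDM store

def sideloaded_packages(pm_list_output):
    """Map package -> installer from `pm list packages -i` lines (sideloads show installer=null)."""
    found = {}
    for line in pm_list_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m and m.group(2) not in TRUSTED_INSTALLERS:
            found[m.group(1)] = m.group(2)
    return found

def granted_permissions(dumpsys_output):
    """Permissions marked granted=true in `dumpsys package <pkg>` output."""
    return set(re.findall(r"(android\.permission\.[A-Z_]+): granted=true", dumpsys_output))

def triage(pm_list_output, dumpsys_by_pkg, threshold=0.6):
    """(package, installer, profile_match) for sideloaded apps holding >= threshold of the profile."""
    flagged = []
    for pkg, installer in sideloaded_packages(pm_list_output).items():
        perms = granted_permissions(dumpsys_by_pkg.get(pkg, ""))
        match = len(perms & SPYWARE_PROFILE) / len(SPYWARE_PROFILE)
        if match >= threshold:
            flagged.append((pkg, installer, round(match, 2)))
    return sorted(flagged)

# Constructed sample output (hypothetical package names, not real device captures).
PM_LIST = """package:com.example.numrent  installer=null
package:com.android.chrome  installer=com.android.vending
package:com.example.flashlight  installer=null
"""
DUMPSYS = {
    "com.example.numrent": "".join(f"      {p}: granted=true, flags=[ user_set]\n" for p in SPYWARE_PROFILE),
    "com.example.flashlight": "      android.permission.CAMERA: granted=true, flags=[ user_set]\n",
}
if __name__ == "__main__":
    for pkg, installer, match in triage(PM_LIST, DUMPSYS):
        print(f"{pkg} (installer={installer}) holds {match:.0%} of the spyware permission profile")
```

On a real device the two inputs come from `adb shell pm list packages -i` and `adb shell dumpsys package <pkg>`; an app that is both sideloaded and granted nearly the full profile deserves manual review.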

Image: Zimperium/NumRent
