New malware creates chaos among users of old Android phones

Cybercriminals using the malware known as Rafel RAT are pushing it hard and keep squeezing everything they can out of it, with the intention of causing users plenty of headaches. In some cases, according to security experts commenting online, the malware activates a ransomware function that locks victims' mobile phones until they make a release payment through Telegram.

How does infection occur?

As usual, this threat is hidden inside certain applications or distributed through them via malicious links. In many cases, according to security firm Check Point, it is disguised as an antivirus app to which users end up granting permissions that they shouldn't. Other times it arrives through links from Telegram, WhatsApp, Instagram and many other apps that can be installed on mobile phones.

Once the Rafel RAT malware breaks into a victim's cell phone, it can have different effects depending on the cybercriminal's intentions. Attackers can use a wide range of malicious commands, although the five most common are said to be the following: ransomware (encrypts and locks the phone), wipe (deletes files remotely), LockTheScreen (locks the phone and makes it unusable), sms_oku (sends all SMS messages and 2FA codes to the cybercriminal's control center) and location_tracker (leaks the location of the phone, with all that that entails). There are more commands that cybercriminals can use, however, so this is a really dangerous infection.

Who is at risk?

As we said, the targets are old Android phones. But how old exactly? According to Check Point, these are devices running a version of Android that has been categorized as obsolete. By their figures, 87.5% of those affected by these malware attacks have Android 11 or an earlier version, while 12.5% have Android version 12 or 13. As for brands, practically no manufacturer is spared. This shows that the problem is not the brand, but the use of an Android phone that has become obsolete, something that is never recommended because it can expose you to this type of problem.

As for whether this is a significant risk at the user level, Check Point mentions that many of those affected are members of the government, the military sector or even people from big companies. This should make the matter a little less serious for ordinary users, but it does not mean that they can feel safe if they have one of these mobile phones in their possession. What is said to reassure us a little is knowing that most of the victims are physically in China, the United States or Indonesia.

One of the cases Check Point gives as an example is an attack on a user whose call logs were deleted by the cybercriminals, whose screen was locked, whose wallpaper was changed and whose phone was set to vibrate. They also sent him an SMS message telling him to contact them on Telegram to solve the problem with his phone. From that moment on, they ask him to pay a ransom for the cell phone and, if he does not do so, he knows that he could face worse consequences.

Map of Rafel RAT infections in the world

The advice Check Point gives so that this does not happen to you is the usual advice that you have surely heard before. First, do not download APK files of dubious applications, because you never know what they may have inside. Second, do not click on URLs that you receive in messages or SMS and, finally, always check everything you are going to install using Play Protect. This will reduce your level of risk, although it is obvious that, above all, you should think about abandoning mobile phones that are no longer protected.

 