The Android malware “Rafel RAT” has been identified in more than 120 global cyberattack campaigns

Check Point Software's cybersecurity team has identified the use of Rafel RAT (RAT stands for Remote Administration Tool) in more than 120 global cyberattack campaigns over the last two years. This Android malware allows remote access, surveillance, data theft, and file encryption. It has been mainly used in phishing campaigns that rely on social engineering.

Attackers use social engineering tactics, in the form of messages and conversations, to trick victims into installing malicious APKs, granting access permissions, or interacting with web pages that imitate legitimate sites. High-profile cases include detection on a Pakistani government website, ransomware attacks, and the theft of two-factor authentication messages.

Most of the affected devices (from brands such as Samsung, Xiaomi, Vivo and Huawei) were running outdated versions of Android, which made them easier to infect with this type of malware. Rafel RAT spreads through various entry routes, such as malicious application downloads, compromised websites, phishing attacks, and operating system vulnerabilities.

Depending on how a given build has been modified, the malware may request notification permissions or device administrator rights, or it may stealthily seek only a minimal set of sensitive permissions (such as SMS, call logs, and contacts). The malware begins its background operations immediately upon activation: it deploys a background service that generates a misleadingly labeled notification while operating covertly and, at the same time, starts an internal service to manage communications with the command and control (C2) server.
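As a defensive illustration of the permission pattern described above, the following added example (not code from Check Point, Hispasec or the malware) triages a decoded AndroidManifest.xml for the capabilities the article names. It assumes the manifest has already been decoded to text XML; the function names, the sample manifest and the escalation rule are constructed for this example.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Data-access permissions for the groups the article names (SMS, call logs, contacts).
SENSITIVE = {
    "android.permission.READ_SMS": "sms",
    "android.permission.RECEIVE_SMS": "sms",
    "android.permission.READ_CALL_LOG": "call_log",
    "android.permission.READ_CONTACTS": "contacts",
}
# Component-level bindings that give notification access or device admin rights.
BINDINGS = {
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "notification_access",
    "android.permission.BIND_DEVICE_ADMIN": "device_admin",
}

def triage_manifest(manifest_xml):
    """Return the sorted capability labels a decoded manifest declares."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for perm in root.iter("uses-permission"):
        label = SENSITIVE.get(perm.get(ANDROID + "name"))
        if label:
            found.add(label)
    for tag in ("service", "receiver"):
        for comp in root.iter(tag):
            label = BINDINGS.get(comp.get(ANDROID + "permission"))
            if label:
                found.add(label)
    return sorted(found)

def needs_review(labels):
    """Assumed rule: escalate when data access is paired with notification or admin control."""
    data = {"sms", "call_log", "contacts"} & set(labels)
    control = {"notification_access", "device_admin"} & set(labels)
    return bool(data) and bool(control)

# Constructed sample manifest (not taken from any real app or malware sample).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".Listener"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    labels = triage_manifest(SAMPLE)
    print(labels, "review" if needs_review(labels) else "ok")
```

Many legitimate apps declare some of these permissions, so a match is a reason for manual review, not a verdict.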

More information:
– RAFEL RAT, ANDROID MALWARE FROM ESPIONAGE TO RANSOMWARE OPERATIONS https://research.checkpoint.com/2024/rafel-rat-android-malware-from-espionage-to-ransomware-operations/
– Widespread Use of Rafel RAT Puts 3.9 Billion Android Devices at Risk https://hackread.com/rafel-rat-puts-3-9-billion-android-devices-at-risk/
– Koodous analysis https://x.com/koodous_project/status/1805490706296799599

About Hispasec

Hispasec has written 7056 publications.

 