Android users beware: This new spyware can steal your data

Mobile security firm Zimperium Labs has recently discovered new Android spyware named ‘RatMilad’ that can spy on victims and steal their data. A report published by Zimperium Labs mentions that RatMilad spyware is currently targeting mobile devices in the Middle East and it can be used for extortion, cyber espionage and even for eavesdropping on victims’ conversations.
The report also warns that just like other mobile spyware, RatMilad can also steal data from these devices and use it to “access private corporate systems, blackmail a victim, and more.”
RatMilad’s distribution channels
The report mentions that the spyware is distributed through a fake app, known as NumRent. The app requests suspicious permissions when installed and if the victim approves the requested permissions, the app misuses them to sideload the dangerous RatMilad spyware. NumRent is a fake virtual number generator app that is used to activate social media accounts.

Since RatMilad is not available on the Google Play Store or third-party stores, the attackers use Telegram as their primary distribution channel, the report says. Additionally, the hackers controlling the spyware have also designed a dedicated website to promote the mobile remote access trojan (RAT) on social media platforms. By accessing the dedicated website, users tend to believe that the app is authentic.
How does it affect users
When RatMilad is successfully installed in the victim’s device, the spyware hides behind a VPN connection and tries to steal sensitive data including contact lists, call logs, account names and permissions, installed app lists, GPS location, SIM details and more.
Apart from this, RatMilad is also capable of carrying out file actions like deleting or stealing files, changing the permissions of the installed app and even using the handset’s microphone to record audio without the user knowing it.

The report also notes that RatMilad’s operators are going after random users and not focussing on a particular target. The Telegram channel that was used to distribute the spyware was externally shared over 200 times while the channel itself was viewed by over 4,700 users.
Android users can protect themselves from such spyware infections by downloading apps only from Google Play Store. Users should also run a scan on newly downloaded APKs and must be careful while reviewing permissions requested by apps during installation.