
New Android malware 'RatMilad' spies on victims, hides behind fake app


Mobile security firm Zimperium has discovered a new strain of Android malware called 'RatMilad' targeting mobile devices in the Middle East. According to the company, the malware is being used for cyber espionage, extortion, or eavesdropping on victims' conversations.

The malware is hidden behind a fraudulent VPN and phone number spoofing app called "NumRent." NumRent is distributed via links on social media as well as communication apps like Telegram and WhatsApp. To convince people of the app's legitimacy, the cybercriminals behind it created a website advertising the app.

Image: the fraudulent app NumRent (credit: Zimperium)

Once installed, RatMilad hides behind a VPN connection and exfiltrates data such as:

  • SMS messages
  • Call logs
  • Clipboard data
  • Device information (e.g., model, brand, build number, Android version)
  • GPS location data
  • SIM information
  • Contacts
  • Installed applications list

What's more, RatMilad can delete data and upload files to its command-and-control server, modify app permissions, and use the device's microphone to record audio and eavesdrop on conversations.

According to Zimperium, the cybercriminals behind RatMilad are following a random-target approach instead of targeting certain individuals and businesses.

To protect your Android device from RatMilad and other malware, avoid downloading apps from third-party app stores. Also, scan for malware frequently and review your apps' permissions for anything that might seem out of place.
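As a starting point for the permission review suggested above, the following added example (not from Zimperium or the original article) checks a decoded AndroidManifest.xml against the data categories listed earlier. The mapping from categories to Android permissions, the threshold of three, and both sample manifests are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping (not from Zimperium's report): the Android permissions that
# gate each data category the article lists. Clipboard access has no permission.
CATEGORY_PERMISSIONS = {
    "SMS messages": {"READ_SMS", "RECEIVE_SMS"},
    "Call logs": {"READ_CALL_LOG"},
    "Contacts": {"READ_CONTACTS"},
    "GPS location data": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "SIM information": {"READ_PHONE_STATE", "READ_PHONE_NUMBERS"},
    "Installed applications list": {"QUERY_ALL_PACKAGES"},
    "Microphone recording": {"RECORD_AUDIO"},
}

def requested_permissions(manifest_xml):
    """Return short permission names from <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for elem in root.iter(tag):
            name = elem.get(ANDROID_NS + "name", "")
            names.add(name.rsplit(".", 1)[-1])
    names.discard("")
    return names

def audit_manifest(manifest_xml, threshold=3):
    """Map requested permissions to data categories; flag broad access."""
    perms = requested_permissions(manifest_xml)
    exposed = sorted(c for c, p in CATEGORY_PERMISSIONS.items() if p & perms)
    return {"exposed": exposed, "review": len(exposed) >= threshold}

# Constructed sample manifests (not taken from any real app).
SAMPLE_UTILITY = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.numberapp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""
SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("utility", SAMPLE_UTILITY), ("notes", SAMPLE_BENIGN)):
        print(label, audit_manifest(xml))
```

A flagged result is a prompt for manual review, not a verdict: many legitimate apps request several of these permissions, so judge them against what the app claims to do.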
