"Experts Warn of New RatMilad Android Spyware Targeting Enterprise Devices"

RatMilad, a novel Android malware, has been observed targeting a Middle Eastern enterprise mobile device while masquerading as a Virtual Private Network (VPN) and phone number spoofing app. The mobile Trojan acts as advanced spyware, receiving and executing commands to collect and exfiltrate a wide range of data from the infected mobile endpoint, according to Zimperium. Evidence shows that the malicious app is distributed via links on social media and communication tools such as Telegram, tricking users into sideloading the app and granting it permissions. The idea behind embedding the malware in a fake VPN and phone number spoofing service is clever, as the app claims to allow users to verify social media accounts via phone, a popular technique in countries where access is restricted. Once the app is installed and the attackers are in command, they could use the camera to take photos, record video and audio, obtain precise GPS locations, view pictures from the device, and more. Other RatMilad features allow the malware to collect SIM card information, clipboard data, SMS messages, call logs, and contact lists, and even to perform file read and write operations. Zimperium hypothesized that the RatMilad operators obtained source code from an Iranian hacker group known as AppMilad and integrated it into a fraudulent app for distribution to unsuspecting users. This article continues to discuss the distribution and capabilities of the RatMilad Android malware.

THN reports "Experts Warn of New RatMilad Android Spyware Targeting Enterprise Devices"

Submitted by Anonymous on