Zimperium’s zLabs research team recently discovered a new Android spyware family called RatMilad. Zimperium’s on-device machine-learning malware engine detected a RatMilad sample during a failed infection attempt on an enterprise device in the Middle East.
Starting from that original RatMilad sample, the zLabs team found a live sample of the spyware family hidden in and distributed through NumRent, a rebranded and graphically enhanced version of Text Me.
RatMilad spyware has not been found in any Android app store. The Iran-based hacker group AppMilad instead used links on social media and communication tools such as Telegram to distribute the fake app and to encourage users to sideload it and grant it extensive permissions on their devices.
Victims were also socially engineered into believing the app is legitimate through its product website.
Richard Melick, Director of Mobile Threat Intelligence at Zimperium, says that although this is not like the other widespread attacks seen in the news, the RatMilad spyware and the Iran-based hacker group AppMilad represent a changing environment affecting mobile device security.
“From Pegasus to PhoneSpy, there is a growing mobile spyware market available through legitimate and illegitimate sources, and RatMilad is just one in the mix.”
“The group behind this spyware attack has potentially gathered critical and private data from mobile devices outside the protection of Zimperium, leaving individuals and enterprises at risk.”
RatMilad is a novel spyware family that is installed by sideloading once the user enables the app to use multiple accounts. The malicious actor then gains control of the mobile endpoint by collecting data from, and controlling, a range of device features.
The user is asked to grant nearly complete access to the device: contacts, phone call logs, location data, media, and files, as well as the ability to send and receive SMS messages and phone calls.
Once the app is installed and under the actor’s control, they can take pictures, record video and audio, obtain precise GPS coordinates, and more.
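The permission profile described above (contacts, call logs, location, media and files, SMS, calls, camera, and microphone) is itself a useful detection signal: a sideloaded app that asks for all of it at once deserves review before it is allowed on a managed device. The following is an added defender-side example, not Zimperium’s code or tooling, that parses an Android manifest, maps the requested permissions to the surveillance capabilities they unlock, and flags an app whose capability set crosses a threshold. Both manifests, the package names, and the threshold are constructed for illustration.

```python
"""Triage an Android manifest for a surveillance-style permission profile.

Added example for this article; not Zimperium's code. The manifests, package
names and threshold below are constructed assumptions. Permission names are
standard Android permissions; the capability grouping is this example's own.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Standard Android permission -> the spyware capability it enables.
CAPABILITY_OF = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "call_log",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_BACKGROUND_LOCATION": "location",
    "android.permission.READ_EXTERNAL_STORAGE": "media_files",
    "android.permission.READ_MEDIA_IMAGES": "media_files",
    "android.permission.SEND_SMS": "sms",
    "android.permission.RECEIVE_SMS": "sms",
    "android.permission.READ_SMS": "sms",
    "android.permission.CALL_PHONE": "calls",
    "android.permission.READ_PHONE_STATE": "calls",
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
}

# Number of distinct capabilities at which an app is sent for manual review
# (constructed value; tune against your own app inventory).
REVIEW_THRESHOLD = 5

# Constructed manifest modelled on the permission set the article lists.
SUSPICIOUS_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fake.numrent">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

# Constructed manifest for a benign single-purpose app, for contrast.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""


def requested_permissions(manifest_xml: str) -> set[str]:
    """Return every android:name declared in a <uses-permission> element."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(f"{ANDROID_NS}name")
        for el in root.iter("uses-permission")
        if el.get(f"{ANDROID_NS}name")
    }


def capabilities(perms: set[str]) -> set[str]:
    """Collapse raw permissions into the capabilities they unlock."""
    return {CAPABILITY_OF[p] for p in perms if p in CAPABILITY_OF}


def triage(manifest_xml: str) -> dict:
    """Summarise an app's surveillance capabilities and issue a verdict."""
    perms = requested_permissions(manifest_xml)
    caps = capabilities(perms)
    return {
        "package": ET.fromstring(manifest_xml).get("package"),
        "capabilities": sorted(caps),
        "verdict": "review" if len(caps) >= REVIEW_THRESHOLD else "ok",
    }


if __name__ == "__main__":
    for manifest in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        print(triage(manifest))
```

The point of collapsing permissions into capabilities rather than counting raw permissions is that the number of permissions alone is a noisy signal; a messaging app legitimately needs SMS and contacts. It is the breadth of the combination (messaging, telephony, location, storage, camera and microphone together) that matches the profile described for RatMilad.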