A newly discovered Android spyware has been dubbed RatMilad and is infecting enterprise devices in the Middle East. Cybersecurity company Zimperium discovered the threat and claims that the original variant was found behind a VPN and phone spoofing app. The RatMilad spyware was uncovered alongside a live sample of the malware family distributed through the updated phone spoofing app NumRent. Additionally, security researchers have reported that the threat actors behind the spyware developed a product website advertising the malicious app to lure victims into downloading it.
The RatMilad spyware is downloaded onto a victim’s device via sideloading after a user enables the app to access multiple services. This allows the malicious actors to control certain aspects of the mobile endpoint. The user is asked to grant the app permission to access contacts, call logs, device location, media, and files. In addition, the app requests the ability to send and view SMS messages and phone calls. Therefore, a successful attack allows the attackers to access the camera, record video and audio, and obtain precise locations.
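For defenders vetting sideloaded apps, the following added example (not from Zimperium or the original article) audits a decoded `AndroidManifest.xml` against the access categories listed above. The mapping from categories to standard Android permission names, the threshold of five categories, and both sample manifests are assumptions constructed for illustration, not RatMilad's actual manifest.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Assumption: article's access categories mapped to standard Android permissions.
CATEGORIES = {
    "contacts": {"READ_CONTACTS", "WRITE_CONTACTS"},
    "call logs": {"READ_CALL_LOG", "WRITE_CALL_LOG"},
    "location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "media and files": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"},
    "sms": {"SEND_SMS", "READ_SMS", "RECEIVE_SMS"},
    "phone calls": {"CALL_PHONE", "READ_PHONE_STATE"},
    "camera": {"CAMERA"},
    "microphone": {"RECORD_AUDIO"},
}

def requested_permissions(manifest_xml):
    """Return short names of android.permission.* entries in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            if name.startswith(PREFIX):
                perms.add(name[len(PREFIX):])
    return perms

def audit(manifest_xml, threshold=5):
    """Flag an app whose requests span at least `threshold` sensitive categories."""
    perms = requested_permissions(manifest_xml)
    hits = {c: sorted(perms & p) for c, p in CATEGORIES.items() if perms & p}
    return {"categories": hits, "flag": len(hits) >= threshold}

def _manifest(package, perms):
    # Builds a constructed sample manifest (plain-text XML, as apktool emits).
    lines = "".join(f'<uses-permission android:name="{PREFIX}{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{lines}</manifest>')

# Constructed samples: a "VPN" app with broad access, and a narrow one.
SAMPLE_BROAD = _manifest("com.example.constructed.vpn", [
    "INTERNET", "READ_CONTACTS", "READ_CALL_LOG", "ACCESS_FINE_LOCATION",
    "READ_EXTERNAL_STORAGE", "SEND_SMS", "READ_SMS", "CALL_PHONE",
    "CAMERA", "RECORD_AUDIO"])
SAMPLE_NARROW = _manifest("com.example.constructed.notes",
                          ["INTERNET", "CAMERA"])

if __name__ == "__main__":
    for sample in (SAMPLE_BROAD, SAMPLE_NARROW):
        print(audit(sample))
```

The manifest inside an APK is binary XML, so decode it first (for example with apktool) before passing it to `audit`.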