New Android malware family uncovered


By Dylan Bushell-Embling
Tuesday, 11 October, 2022

Mobile security platform provider Zimperium has warned that it has discovered a new Android spyware family linked to an Iranian-based hacking group.

The malware, RatMilad, is being distributed by the AppMilad hacker group over social media and communications tools. The malicious actors have also built a product website for the app to make it appear legitimate.

If a user grants the app access to multiple services, the novel RatMilad spyware is installed by sideloading, giving the attacker command and control over aspects of the mobile endpoint, Zimperium said in a threat advisory. This includes the ability to access the camera to take pictures, record video and audio, and get precise GPS locations.

During installation, the user is asked to allow almost complete access to the device, with requests to view contacts, phone call logs, device location, media and files, as well as to send and view SMS messages and phone calls.

Zimperium Director of Mobile Threat Intelligence Richard Melick said the attack demonstrates the rapid growth of the mobile malware ecosystem.

“Though this is not like other widespread attacks we have seen in the news, the RatMilad spyware and the Iranian-based hacker group AppMilad represent a changing environment impacting mobile device security,” he said.

“From Pegasus to PhoneSpy, there is a growing mobile spyware market available through legitimate and illegitimate sources, and RatMilad is just one in the mix. The group behind this spyware attack has potentially gathered critical and private data from mobile devices outside the protection of Zimperium, leaving individuals and enterprises at risk.”
