New Android Rafel RAT Takes Complete Control Of Your Android Device
Android offers a rich feature set and broad access to third-party apps, but the same openness also exposes it to security risks.
Android malware, including Trojans, ransomware, spyware, and adware, threatens the privacy and integrity of users' data.
These threats exploit different attack vectors, including app downloads, malicious sites, phishing, and system vulnerabilities.
Understanding Android malware becomes imperative as attackers become more sophisticated in their evasion techniques.
Cybersecurity researchers at Check Point have analyzed Rafel RAT, an open-source remote administration tool that threat actors are abusing to take control of Android devices. Its spread underscores the need for stronger security measures across the Android ecosystem.
Android Rafel RAT
Check Point Research identified around 120 malicious campaigns, several of them targeting high-profile organizations worldwide, that used Rafel, an open-source Android RAT shared by multiple threat actors.
Rafel gives its operator remote access to a compromised device, and from there to whatever the device can reach, along with a range of other capabilities.
Most victims were running outdated Android versions; Samsung, Google, and Xiaomi devices were the most frequently affected.
The malware masquerades as a legitimate app, requests the permissions it needs at install time, and communicates with its C&C servers over HTTP(S). Operators monitor and control infected devices from a PHP web panel, exfiltrate sensitive information, and execute commands remotely.
This highlights significant risks in the Android ecosystem, with observed malicious activities including ransomware operations, 2FA bypasses, and government site hacks.
Rafel abuses Device Admin privileges to lock the screen, resist uninstallation, and encrypt or delete files, which is what makes it usable as ransomware and not just as spyware.
One recent campaign, likely Iranian in origin, used Rafel against a Pakistani victim to compromise devices and display extortion pop-ups.
The same actor also compromised a Pakistani government website and hosted a Rafel C&C panel on it, which is why a .gov.pk hostname appears among the command and control servers listed below.
As an open-source tool with a wide feature set, including 2FA bypass, Rafel is easily adapted by threat actors targeting different countries.
Defending against it requires layered measures: threat intelligence, endpoint protection, user education, and collaboration across the information security community.
IOCs
SHA-256:
d1f2ed3e379cde7375a001f967ce145a5bba23ca668685ac96907ba8a0d29320
442fbbb66efd3c21ba1c333ce8be02bb7ad057528c72bf1eb1e07903482211a9
344d577a622f6f11c7e1213a3bd667a3aef638440191e8567214d39479e80821
c94416790693fb364f204f6645eac8a5483011ac73dba0d6285138014fa29a63
9b718877da8630ba63083b3374896f67eccdb61f85e7d5671b83156ab182e4de
5148ac15283b303357107ab4f4f17caf00d96291154ade7809202f9ab8746d0b
Command and control servers:
districtjudiciarycharsadda.gov[.]pk
kafila001.000webhostapp[.]com
uni2phish[.]ru
zetalinks[.]tech
ashrat.000webhostapp[.]com
bazfinc[.]xyz
discord-rat23.000webhostapp[.]com
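The hashes and C&C hostnames above are only useful once they are matched against your own telemetry. The following added example (written for this page, not code from Check Point or the Rafel project) refangs the defanged hostnames, matches DNS-query log lines against them on label boundaries so that look-alike names do not false-positive, and checks a file-hash inventory against the SHA-256 list. The log lines and the inventory are constructed sample data, and their key=value format is an assumption; adapt the regex to your own log source.

```python
"""
Added example (not from the Check Point report or the article): match the
Rafel RAT IOCs listed above against constructed sample telemetry.
"""
from __future__ import annotations

import re

# SHA-256 hashes copied from the IOC list above.
RAFEL_SHA256 = {
    "d1f2ed3e379cde7375a001f967ce145a5bba23ca668685ac96907ba8a0d29320",
    "442fbbb66efd3c21ba1c333ce8be02bb7ad057528c72bf1eb1e07903482211a9",
    "344d577a622f6f11c7e1213a3bd667a3aef638440191e8567214d39479e80821",
    "c94416790693fb364f204f6645eac8a5483011ac73dba0d6285138014fa29a63",
    "9b718877da8630ba63083b3374896f67eccdb61f85e7d5671b83156ab182e4de",
    "5148ac15283b303357107ab4f4f17caf00d96291154ade7809202f9ab8746d0b",
}

# C&C hostnames copied from the IOC list above, still in their defanged form.
RAFEL_C2_DEFANGED = [
    "districtjudiciarycharsadda.gov[.]pk",
    "kafila001.000webhostapp[.]com",
    "uni2phish[.]ru",
    "zetalinks[.]tech",
    "ashrat.000webhostapp[.]com",
    "bazfinc[.]xyz",
    "discord-rat23.000webhostapp[.]com",
]


def refang(indicator: str) -> str:
    """Undo common defanging ('[.]', 'hxxp') so the indicator matches real log fields."""
    return indicator.replace("[.]", ".").replace("hxxp", "http").strip().lower()


RAFEL_C2 = {refang(d) for d in RAFEL_C2_DEFANGED}


def match_c2(host: str) -> str | None:
    """Return the C&C indicator that `host` equals or is a subdomain of, else None.

    Requiring a '.' before the indicator avoids false positives such as
    'notzetalinks.tech', which merely ends with the indicator string.
    """
    host = host.strip().rstrip(".").lower()
    for c2 in RAFEL_C2:
        if host == c2 or host.endswith("." + c2):
            return c2
    return None


# Constructed DNS-query log lines in an assumed key=value format; not real telemetry.
SAMPLE_DNS_LOG = """\
2024-06-24T10:01:02Z dns client=10.0.0.12 qtype=A name=www.example.com
2024-06-24T10:01:05Z dns client=10.0.0.12 qtype=A name=kafila001.000webhostapp.com
2024-06-24T10:02:11Z dns client=10.0.0.31 qtype=A name=api.zetalinks.tech
2024-06-24T10:03:40Z dns client=10.0.0.31 qtype=A name=notzetalinks.tech
2024-06-24T10:04:09Z dns client=10.0.0.44 qtype=A name=ashrat.000webhostapp.com.
"""

DNS_LINE = re.compile(r"client=(?P<client>\S+).*?\bname=(?P<name>\S+)")


def scan_dns_log(text: str) -> list[tuple[str, str, str]]:
    """Return (client, queried_name, matched_indicator) for each line hitting a C&C."""
    hits = []
    for line in text.splitlines():
        m = DNS_LINE.search(line)
        if not m:
            continue
        c2 = match_c2(m["name"])
        if c2 is not None:
            hits.append((m["client"], m["name"], c2))
    return hits


# Constructed SHA-256 digests as an EDR or MDM inventory might export them
# (mixed case, stray whitespace); two entries are Rafel hashes from the list above.
SAMPLE_INVENTORY_HASHES = [
    "  442FBBB66EFD3C21BA1C333CE8BE02BB7AD057528C72BF1EB1E07903482211A9 ",
    "0000000000000000000000000000000000000000000000000000000000000000",
    "5148ac15283b303357107ab4f4f17caf00d96291154ade7809202f9ab8746d0b",
]


def match_hashes(digests: list[str]) -> set[str]:
    """Normalise exported digests and return those present in the IOC hash set."""
    return {h.strip().lower() for h in digests} & RAFEL_SHA256


if __name__ == "__main__":
    for client, name, c2 in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"C2 hit: {client} resolved {name} (indicator {c2})")
    for h in sorted(match_hashes(SAMPLE_INVENTORY_HASHES)):
        print(f"Known Rafel sample present: {h}")
```

Two caveats when operationalising this: three of the hostnames sit under 000webhostapp.com, a free shared host, so only the exact hostnames are indicators and the parent domain must not be added; and the hash list only catches unmodified samples, since Rafel is open source and any rebuild yields a new digest.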
The post New Android Rafel RAT Takes Complete Control Of Your Android Device appeared first on Cyber Security News.
Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems
The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of infecting developer systems with malware.
The packages, now taken down, are pycryptoenv, pycryptoconf, quasarlib, and swapmempool. They have been collectively downloaded 3,269 times, with pycryptoconf accounting for the most
The Hacker News
Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment
Multiple security flaws have been disclosed in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to obtain sensitive information, induce a denial-of-service (DoS) condition, and even execute arbitrary commands.
The flaws affect the GC370XA, GC700XA, and GC1500XA models running firmware versions 4.1.5 and prior.
According to operational technology (OT) security firm Claroty, the