New Android Rafel RAT Takes Complete Control Of Your Android Device
Android has many features and access to apps but is prone to security risks due to its open-source nature.
Android malware, viruses, Trojans, ransomware, spyware, and adware programs threaten the data privacy and integrity of users.
These threats exploit different attack vectors, including app downloads, malicious sites, phishing, and system vulnerabilities.
Understanding Android malware becomes imperative as attackers become more sophisticated in their evasion techniques.
Cybersecurity researchers at Check Point identified Rafel RAT, an open-source remote administration tool used for malicious activity on Android devices. The findings underline the need for stronger security measures within the Android ecosystem.
Android Rafel RAT
Check Point Research discovered that around 120 malicious campaigns targeting high-profile organizations globally were using Rafel, an open-source Android RAT used by multiple threat actors.
Among other things, Rafel gives its operator remote access to a compromised device or the network it sits on.
Devices running outdated Android versions, including Samsung, Google, and Xiaomi handsets, were the most frequent victims.
Victim devices (Source – Check Point)
The malware poses as a legitimate app, requests permissions, and communicates with its C&C servers over HTTP(S). Through a PHP-based panel, the operators monitor and control infected devices.
They can also collect sensitive information from the device and execute commands on it remotely.
Rafel RAT features (Source – Check Point)
This highlights significant risks in the Android ecosystem, with observed malicious activities including ransomware operations, 2FA bypasses, and government site hacks.
Rafel abuses DeviceAdmin privileges to lock the screen, block uninstallation, and encrypt or delete files.
One recent campaign, likely Iranian, targeted a Pakistani victim with Rafel, using it to compromise devices and display extortion pop-ups.
The same actor also compromised a Pakistani government website and hosted a Rafel C&C panel on it.
Rafel is open source and offers a wide range of features, including 2FA bypass, which makes it easy to adapt for threat actors focusing on different countries.
Consequently, Android security must rely on layered defensive measures: threat intelligence, endpoint protection, user education, and collaboration among stakeholders across the information security ecosystem.
IOCs
SHA256:
d1f2ed3e379cde7375a001f967ce145a5bba23ca668685ac96907ba8a0d29320
442fbbb66efd3c21ba1c333ce8be02bb7ad057528c72bf1eb1e07903482211a9
344d577a622f6f11c7e1213a3bd667a3aef638440191e8567214d39479e80821
c94416790693fb364f204f6645eac8a5483011ac73dba0d6285138014fa29a63
9b718877da8630ba63083b3374896f67eccdb61f85e7d5671b83156ab182e4de
5148ac15283b303357107ab4f4f17caf00d96291154ade7809202f9ab8746d0b
Command and control servers:
districtjudiciarycharsadda.gov[.]pk
kafila001.000webhostapp[.]com
uni2phish[.]ru
zetalinks[.]tech
ashrat.000webhostapp[.]com
bazfinc[.]xyz
discord-rat23.000webhostapp[.]com
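The indicators above are only useful once they are matched against something. The script below is an added example, not part of the Check Point report or of this article: it takes the SHA-256 hashes and the defanged C&C domains exactly as listed, refangs the domains (`[.]` to `.`), and sweeps a handful of constructed DNS/proxy log lines and file hashes for hits. Subdomains of a listed C&C host are flagged too, since the HTTP(S) beaconing described earlier may use a host under the listed domain; the parent domains (for example `000webhostapp.com`) are shared hosting and are deliberately not matched. The log line format is invented for this example.

```python
"""Sweep DNS/proxy log lines and file hashes for the Rafel RAT indicators.

Added example for this article; not Check Point's or the article's code.
The IOC values below are copied from the article. The log lines and the
hash list in SAMPLE_* are constructed for illustration only.
"""
import re

# SHA-256 hashes of Rafel samples, as published in the article.
RAFEL_SHA256 = {
    "d1f2ed3e379cde7375a001f967ce145a5bba23ca668685ac96907ba8a0d29320",
    "442fbbb66efd3c21ba1c333ce8be02bb7ad057528c72bf1eb1e07903482211a9",
    "344d577a622f6f11c7e1213a3bd667a3aef638440191e8567214d39479e80821",
    "c94416790693fb364f204f6645eac8a5483011ac73dba0d6285138014fa29a63",
    "9b718877da8630ba63083b3374896f67eccdb61f85e7d5671b83156ab182e4de",
    "5148ac15283b303357107ab4f4f17caf00d96291154ade7809202f9ab8746d0b",
}

# C&C hosts as published (defanged with "[.]" so they are not clickable).
RAFEL_C2_DEFANGED = [
    "districtjudiciarycharsadda.gov[.]pk",
    "kafila001.000webhostapp[.]com",
    "uni2phish[.]ru",
    "zetalinks[.]tech",
    "ashrat.000webhostapp[.]com",
    "bazfinc[.]xyz",
    "discord-rat23.000webhostapp[.]com",
]


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'example[.]com' into 'example.com'."""
    return indicator.replace("[.]", ".").strip().lower()


RAFEL_C2 = {refang(d) for d in RAFEL_C2_DEFANGED}


def is_suspicious_host(host: str) -> bool:
    """True if host is a listed C&C domain or a subdomain of one.

    A parent of a listed host (e.g. 000webhostapp.com) is NOT flagged,
    because that is shared hosting used by many unrelated sites.
    """
    h = host.strip().rstrip(".").lower()
    return any(h == c2 or h.endswith("." + c2) for c2 in RAFEL_C2)


# Pulls dotted host names out of free-form log text, with or without a
# leading scheme; path components after the host are not captured.
_HOST_RE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)


def scan_log_lines(lines):
    """Return [(line_number, host)] for every line naming a Rafel C&C host."""
    hits = []
    for number, line in enumerate(lines, start=1):
        seen = set()
        for host in _HOST_RE.findall(line):
            host = host.lower()
            if host not in seen and is_suspicious_host(host):
                seen.add(host)
                hits.append((number, host))
    return hits


def scan_hashes(hashes):
    """Return the subset of the given SHA-256 values that are known Rafel samples."""
    return {h.strip().lower() for h in hashes} & RAFEL_SHA256


# Constructed log lines (format invented for this example).
SAMPLE_LOG = [
    "2024-06-20T10:01:02Z client=10.0.0.5 query=A name=time.android.com",
    "2024-06-20T10:01:09Z client=10.0.0.5 query=A name=kafila001.000webhostapp.com",
    "2024-06-20T10:02:41Z client=10.0.0.7 query=A name=api.zetalinks.tech",
    "2024-06-20T10:03:00Z client=10.0.0.9 url=https://uni2phish.ru/panel/login.php",
    "2024-06-20T10:04:12Z client=10.0.0.5 query=A name=000webhostapp.com",
]

# Constructed hash list: one real Rafel hash from the article plus a placeholder.
SAMPLE_HASHES = [
    "D1F2ED3E379CDE7375A001F967CE145A5BBA23CA668685AC96907BA8A0D29320",
    "0" * 64,  # placeholder, not a real sample hash
]

if __name__ == "__main__":
    for number, host in scan_log_lines(SAMPLE_LOG):
        print(f"line {number}: Rafel C&C host {host}")
    for digest in sorted(scan_hashes(SAMPLE_HASHES)):
        print(f"known Rafel sample: {digest}")
```

In practice `SAMPLE_LOG` would be replaced by a stream of resolver or proxy logs and `SAMPLE_HASHES` by hashes of APKs collected from managed devices; any hit on a C&C host is a reason to isolate the client and pull the device for inspection.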