Malware attacks Android phones that use an older version of the OS to lock these devices and then demand ransoms. Cybercriminals are using this new threat to target high-profile targets across the world.
THE threats on Android continue to become more sophisticated. These exploit the slightest vulnerability of obsolete devices and systems. Recently, malware like PixPirate, which steals banking data by hiding inside devices, and Brokewell, which disguises itself as a fake Chrome update to access financial apps, has caused havoc. These examples show how cybercriminals are getting smart to attack unsuspecting users.
A malware named Rafel RATwhose source code is accessible to everyonespecifically targets Android phones that use outdated versions of the operating system. This malware, used in more than 120 attacks, locks devices and demands a ransom. The main victims so far are government and military organizations in the United States, China and Indonesia.
This malware targets outdated Android phones
Rafel RAT is spread in different ways, often via fraudulent apps imitating popular companies like Instagram, WhatsApp, or online shopping sites. During installation, it asks for risky permissions, such as exempting battery optimization for run in background. The commands it can execute include file encryption, data deletion, screen lock, and real-time device location.
On the same topic – Uninstall these free VPNs on Android immediately, they put your private data at risk
According to Check Point, approximately 10% of Rafel RAT infections activate the ransomware module. The latter then uses an encryption key to lock victim’s files. If the malware gains administrator rights, it can even change the lock screen password and display a ransom message. To avoid these attacks, it is crucial not to download applications from dubious sources, not to click on suspicious links in emails or SMS, and to scan applications with Google Play Protect before opening them.
Source: bleepingcomputer