Zimperium’s cybersecurity experts have warned about a new spyware targeting the Android platform, which was hiding behind a supposed verification tool from a social network to infect the smartphones of professionals and thus monitor all their movements and actions on the device.
The original variant of the spyware would hide behind a VPN and a number spoofing app called TextMe that allows a user to verify a social media account. Investigators found the software at NumRent, an updated and rebranded version of Text Me.
When the user downloads this app, it enables different permissions and this opens the doors for RatMilad to be installed. It gives the user almost complete access to their smartphone, allowing requests to view contacts, call logs, access to location, media and files, and even the sending of SMS messages and phone calls.
Thus, the malicious actor behind this threat can collect and control different aspects of the mobile terminal. Once with the device in your possession, you are able to do things like access the camera to take photos, record video and audio, obtain precise GPS locations, view images from the phone, and many more.
A complete list of infected apps apart from NumRent has not been shared, but… It is worth noting that this app has been found on Telegram channels and groups with participants from Eastern European countries.