Iranian hacking group AppMilad has been distributing the Android spyware RatMilad in a new attack campaign targeted at enterprise users, according to SecurityWeek.
RatMilad, which features file manipulation, audio recording, and app permission modification capabilities, has been spread by AppMilad through the VPN and phone number spoofing app Text Me, as well as the Text Me variant NumRent, a Zimperium report showed. AppMilad also created a website to promote the apps in an effort to establish legitimacy. The report also found that AppMilad's post on Telegram that linked to the malicious app has been viewed more than 4,000 times and shared more than 200 times, but the extent of infections remains unclear. "Though this is not like other widespread attacks we have seen in the news, the RatMilad spyware and the Iranian-based hacker group AppMilad represent a changing environment impacting mobile device security," said Zimperium Director of Mobile Threat Intelligence Richard Mellick.
Novel RatMilad Android spyware distributed by Iranian hackers