Rafel RAT Stealthy Malware Threatening Android Devices
A particularly concerning type of malware, called Rafel RAT, operates stealthily on devices, providing malicious actors with a powerful toolkit for remote administration and control.
The latest warning comes from Antonis Terefos and Bohdan Melnykov of cyber threat intelligence company Check Point Research. They explain that Rafel RAT enables a range of malicious activities, from data theft to device manipulation, and can even hack two-factor authentication.
“Rafel’s features and capabilities — such as remote access, surveillance, data exfiltration, and persistence mechanisms — make it a potent tool for conducting covert operations and infiltrating high-value targets,” said Terefos and Melnykov.
The malware disguises itself as legitimate applications, including Instagram, WhatsApp, various e-commerce platforms, antivirus programs, and support apps for numerous services. By downloading these apps, users may unknowingly grant the app administrators control over their data and phone functionality.
Detected Commands Include Accessing Or Erasing Data
Detected commands include accessing or erasing data, overseeing passwords, and more. Some users have reported having their contacts and messages accessed, with two-factor authentication messages intercepted and used to gain access to other accounts. In its most severe form, the malware can prevent its uninstallation.
“If a user attempts to revoke admin privileges from the application, it promptly changes the password and locks the screen, thwarting any attempts to intervene,” Terefos and Melnykov said. In one instance, a user’s call history was wiped before a message directed them to a Telegram channel appeared on their phone.
Most affected users have Samsung phones, but Xiaomi, Vivo, and Huawei users have also been impacted. Most of these users have older model phones. According to Terefos and Melnykov, malware can generally operate across all handsets, but newer versions of the operating system typically present more challenges for malware to execute its functions or require more actions from the victim to be effective.
“More than 87 percent of the affected victims are running Android versions that are no longer supported and, consequently, not receiving security fixes,” they noted.
Rafel RAT should be taken extremely seriously as a threat. Terefos and Melnykov emphasize the importance of continual vigilance and proactive security measures to safeguard Android devices against malicious exploitation.
“As cyber criminals continue to leverage techniques and tools such as Rafel RAT to compromise user privacy, steal sensitive data, and perpetrate financial fraud, a multi-layered approach to cybersecurity is essential,” they concluded.
