Security News > 2024 > June > Rafel RAT targets outdated Android phones in ransomware attacks
An open-source Android malware named 'Rafel RAT' is widely deployed by multiple cybercriminals to attack outdated devices, some aiming to lock them down with a ransomware module that demands payment on Telegram.
Researchers Antonis Terefos and Bohdan Melnykov at Check Point report detecting over 120 campaigns using the Rafel RAT malware.
This proves Rafel RAT is an effective attack tool against an array of different Android implementations.
The ransomware module in Rafel RAT is designed to execute extortion schemes by taking control of the victim's device and encrypting their files using a pre-defined AES key.
Check Point's researchers observed several ransomware operations involving Rafel RAT, including an attack from Iran that performed reconnaissance using Rafel RAT's other capabilities before running the encryption module.
Linux version of RansomHub ransomware targets VMware ESXi VMs. New Fog ransomware targets US education sector via breached VPNs. Over 90 malicious Android apps with 5.5M installs found on Google Play.
News URL
Related news
- City of Columbus: Data of 500,000 stolen in July ransomware attack (source)
- Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Halliburton reports $35 million loss after ransomware attack (source)
- New Ymir ransomware partners with RustyStealer in attacks (source)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)
- Five backup lessons learned from the UnitedHealth ransomware attack (source)
- Mega US healthcare payments network restores system 9 months after ransomware attack (source)