Security News > 2024 > June > Ratel RAT targets outdated Android phones in ransomware attacks

Ratel RAT targets outdated Android phones in ransomware attacks
2024-06-22 14:19

An open-source Android malware named 'Ratel RAT' is widely deployed by multiple cybercriminals to attack outdated devices, some aiming to lock them down with a ransomware module that demands payment on Telegram.

This proves Ratel RAT is an effective attack tool against an array of different Android implementations.

The ransomware module in Rafel RAT is designed to execute extortion schemes by taking control of the victim's device and encrypting their files using a pre-defined AES key.

Check Point's researchers observed several ransomware operations involving Rafel RAT, including an attack from Iran that performed reconnaissance using Ratel RAT's other capabilities before running the encryption module.

Linux version of RansomHub ransomware targets VMware ESXi VMs. New Fog ransomware targets US education sector via breached VPNs. Over 90 malicious Android apps with 5.5M installs found on Google Play.

Finland warns of Android malware attacks breaching bank accounts.


News URL

https://www.bleepingcomputer.com/news/security/ratel-rat-targets-outdated-android-phones-in-ransomware-attacks/