Security News > 2024 > June > Open-source Rafel RAT steals info, locks Android devices, asks for ransom
The open-source Rafel RAT is being leveraged by multiple threat actors to compromise Android devices and, in some cases, to lock them, encrypt their contents, and demand money to restore the device to its original state.
Check Point researchers have observed around 120 different malicious campaigns leveraging the malware, hitting devices around the world, but primarely in the US, China, India and Indonesia.
Top device models targeted with Rafel RAT. Rafel RAT bores into Android devices.
The malware is operated via a PHP panel, through which the attackers can see information about the compromised devices and send commands to them.
Users are asked to allow the app to have Notifications or Device Admin rights and permissions that allow it to grab sensitive info.
The researchers have also identified a ransomware operation using the Rafel RAT: the threat actors first extract information and then determines whether they will encrypt/lock the device and ask for a ransom.
News URL
https://www.helpnetsecurity.com/2024/06/24/android-rafel-rat/
Related news
- Multiple Threat Actors Deploying Open-Source Rafel RAT to Target Android Devices (source)
- Week in review: MOVEit auth bypass flaws quitely fixed, open-source Rafel RAT targets Androids (source)
- Ratel RAT targets outdated Android phones in ransomware attacks (source)
- Rafel RAT targets outdated Android phones in ransomware attacks (source)