
Open-source Rafel RAT steals info, locks Android devices, asks for ransom
2024-06-24 11:37

The open-source Rafel RAT is being leveraged by multiple threat actors to compromise Android devices and, in some cases, to lock them, encrypt their contents, and demand money to restore the device to its original state.

Check Point researchers have observed around 120 different malicious campaigns leveraging the malware, hitting devices around the world, but primarily in the US, China, India and Indonesia.

Figure: Top device models targeted with Rafel RAT.

Rafel RAT bores into Android devices

The malware is operated via a PHP panel, through which the attackers can see information about the compromised devices and send commands to them.

Users are asked to grant the app Notifications or Device Admin rights and permissions that allow it to grab sensitive info.

The researchers have also identified a ransomware operation using the Rafel RAT: the threat actors first extract information and then determine whether they will encrypt/lock the device and ask for a ransom.


News URL

https://www.helpnetsecurity.com/2024/06/24/android-rafel-rat/