A new malware named “RatMilad” is posing a serious threat to Android users worldwide. Mobile security firm Zimperium Labs has highlighted the risk associated with the threat. Learn what RatMilad spyware is and how to remove the malware from Android devices.
“Similar to other mobile spyware we have seen, the data stolen from these devices could be used to access private corporate systems, blackmail a victim, and more,” stated Zimperium Labs in a report warning about the risks of this critical malware.
“The malicious actors could then produce notes on the victim, download any stolen materials, and gather intelligence for other nefarious practices.”
What is the RatMilad Malware?
RatMilad is an Android Remote Access Trojan (RAT) with spyware capabilities. It was discovered by mobile security firm Zimperium Labs targeting users in the Middle East on a large scale.
This malware is distributed via NumRent, a VPN and phone number spoofing application. Before that, RatMilad was hiding behind another app called TextMe. NumRent is the renamed and graphically modified version of the TextMe app.
The RatMilad malware allows threat actors to collect sensitive data, steal information, and perform several actions remotely. This poses a serious risk to Android users.
What are the Risks Associated with the RatMilad Malware?
The RatMilad malware is capable of spying on victims, stealing their data, and performing remote actions on their devices. As noted by Zimperium, this could lead to serious risks like cyber espionage, extortion, monetary loss, data leaks, and eavesdropping.
RatMilad hides behind the fake VPN app NumRent, which requests permissions to access contacts, call logs, SMS messages, and device location, to make calls, and to view media and files stored on the device. The app makes these permissions mandatory in order to con users into granting them.
After that, the NumRent application is capable of accessing the camera to take pictures, recording video and audio, obtaining your GPS location, making calls and sending messages, and viewing the images as well as other data and media files on your device.
RatMilad performs these operations secretly and your data is continuously stolen while the threat actors behind the malware keep looking for the right opportunity to attack your device.
What are the Signs & Symptoms of RatMilad Malware-Affected Devices?
It’s pretty hard to figure out if your Android device is infected by the RatMilad malware. However, there are certain symptoms that you can look for to determine if you have an affected Android device. You need to look for the following signs:
- The device is running slow and lagging despite having enough memory (RAM).
- System settings on the device are getting modified automatically.
- You notice some applications on the device that you didn’t install.
- The data and battery usage has increased significantly without your use.
- Receiving calls and messages from unknown international numbers.
If you have noticed one or all of these symptoms, then your device may be affected by the virus and needs to be cleaned. You should also consider whether you have recently installed NumRent or any other suspicious application.
Think about any suspicious links that you may have opened unknowingly. You can also use a reliable antivirus app to scan for malware. However, most of them are unable to detect it as of this writing.
How is the RatMilad Malware distributed to Android users?
The RatMilad malware is distributed via the NumRent app through social media apps like Telegram and other third-party websites. This malware infects the device when a user grants the required permissions to the NumRent app.
Remember that this application isn’t available on the Play Store or App Store. It is distributed via social media apps and other channels as an app that provides temporary numbers to receive SMS.
Users from regions where certain platforms are banned often fall for such apps, as NumRent poses as a virtual number provider and VPN app. NumRent even has a website to promote itself and infect as many Android devices as it can.
The cybercriminals promote the website through URLs shared on Telegram and other social media platforms with fake descriptions. You won’t be able to detect them as they are shortened using a link shortener tool.
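The two traits described above (an app installed from outside the Play Store that asks for contacts, call log, calling, SMS, location and storage access together) can be checked on a device inventory. The following Python sketch is an added example, not code from Zimperium or from the original post. It assumes the installer list was collected with `adb shell pm list packages -3 -i` and that each package's requested permissions were gathered separately into a dictionary; the package names, the sample data and the `min_groups` threshold are constructed for illustration.

```python
import re

# Permission groups the article says NumRent asks for (standard Android names).
GROUPS = {
    "contacts": {"android.permission.READ_CONTACTS"},
    "call_log": {"android.permission.READ_CALL_LOG"},
    "calls": {"android.permission.CALL_PHONE"},
    "sms": {"android.permission.READ_SMS", "android.permission.SEND_SMS"},
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "storage": {"android.permission.READ_EXTERNAL_STORAGE"},
}
PLAY_STORE = "com.android.vending"
LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

def parse_installers(text):
    """Parse `pm list packages -i` style lines into {package: installer}."""
    found = (LINE.match(line.strip()) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in found if m}

def audit(installer_text, requested, min_groups=4):
    """List (package, matched groups) for non-Play-Store apps with broad access.
    min_groups is an assumed threshold chosen for this example."""
    findings = []
    for pkg, installer in sorted(parse_installers(installer_text).items()):
        if installer == PLAY_STORE:
            continue  # the article's point: NumRent is not on the Play Store
        perms = set(requested.get(pkg, ()))
        hit = sorted(g for g, names in GROUPS.items() if perms & names)
        if len(hit) >= min_groups:
            findings.append((pkg, hit))
    return findings

# Constructed sample data; package names are placeholders, not real indicators.
SAMPLE_INSTALLERS = """\
package:com.example.maps  installer=com.android.vending
package:com.example.numberrental  installer=null
package:com.example.flashlight  installer=com.android.packageinstaller
"""
P = "android.permission."
SAMPLE_PERMS = {
    "com.example.maps": [P + "ACCESS_FINE_LOCATION", P + "READ_EXTERNAL_STORAGE"],
    "com.example.numberrental": [P + n for n in (
        "READ_CONTACTS", "READ_CALL_LOG", "CALL_PHONE", "READ_SMS",
        "ACCESS_FINE_LOCATION", "READ_EXTERNAL_STORAGE")],
    "com.example.flashlight": [P + "CAMERA"],
}

if __name__ == "__main__":
    for pkg, groups in audit(SAMPLE_INSTALLERS, SAMPLE_PERMS):
        print(f"review {pkg}: sideloaded, requests {', '.join(groups)}")
```

A match is only a reason to look at the app more closely: legitimate sideloaded apps can request the same permissions, so the result is a review list and not a verdict.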
How to Remove the RatMilad Malware from Android Devices?
If you believe that your Android device is infected by the RatMilad malware, you must remove it manually. We won’t recommend any antivirus application that you can install, scan, and use to remove the malware.
Instead, the best way to remove RatMilad malware from your Android device is to factory reset (hard reset) it and remove all data. The procedure for factory reset differs from device to device.
On Samsung smartphones, you can go to Apps > Settings > Backup & Reset > Factory data reset > Erase everything. After that, all the data, permissions, and settings will be reset to the factory version.
On some Android devices, you can press and hold the power button and both volume up and down buttons to trigger the factory reset. You can refer to the device's user manual or the manufacturer's website to find out the specific steps you need to follow.
However, remember that you’ll be losing all your data, apps, and settings once you reset your device. So, create a backup of your important data, usernames and passwords, and other data before proceeding with the hard reset.
Tips to Prevent RatMilad Malware from Affecting your Android Device
Once you have removed RatMilad from your Android device, there are certain safety precautions that you must follow to avoid getting attacked again. Even if you haven’t been attacked, you should follow these tips to stay safe from the malware:
- Don’t install apps from any source other than the official app stores (Play Store and App Store).
- Don’t click on any unknown links you find on websites, emails, and messages.
- Refrain from clicking on any links sent from unknown users on social media platforms.
- Keep scanning your Android device using a reliable antivirus app.
- Only use known VPN apps like ExpressVPN, NordVPN, ProtonVPN, etc.
- Never install apps that have zero or fewer than ten ratings and reviews.
- Only install apps after going through the reviews.
- Never grant unnecessary permissions to the apps. For instance, if the Calculator app on your device is asking for Camera permission, deny it.
- Always keep a check on your Android device when it shows abnormal behavior.
As the popular saying goes, “Prevention is always better than treatment.” Always follow these precautions to make sure that your Android device is never affected by a virus or malware.
That’s all for this post. I hope you have learned enough about RatMilad. Don’t forget to make your peers aware of the risks by sharing this post with them.