Android users warned over new spyware that records calls and accesses camera and data

Android users warned over new spyware that records calls and accesses camera and data

A US mobile security firm is raising the alarm on a new form of Android spyware, enabling a disturbing level of remote access capability.

Disguised inside an app and shared on social media, the spyware – called RatMilad by the mobile device and app security company Zimperium, which uncovered it – allows hackers to spy on victims through their phone cameras and record their phone calls.

It can also access and collect data from contact and SMS lists, call logs, and GPS locations, read, write and delete files, and change device and app permissions.

Watch the latest News on Channel 7 or stream for free on 7plus >>

“The attackers could access the camera to take pictures, record video and audio, get precise GPS locations, view pictures from the device, and more,” Zimperium warned in a blog post.

“The data stolen from these devices could be used to access private corporate systems, blackmail a victim, and more.

“The malicious actors could then produce notes on the victim, download any stolen materials, and gather intelligence for other nefarious practices.”

Android malware enabling a disturbing level of remote access on mobile phones has been found inside a fake and malicious app called NumRent. Credit: SOPA Images/SOPA Images/LightRocket via Gett

The spyware targets Middle Eastern enterprise devices (mobile devices linked to businesses). The Zimperium zLabs research team found the original variant hiding behind a VPN and inside a phone number spoofing app called NumRent, a renamed and graphically updated version of Text Me.

Scammers commonly use phone number spoofing to allow users to make calls and texts from a fake caller ID and verify multiple accounts.

RatMilad spyware has not been found in any Android app store but download links are being shared on social media and through communication tools, according to Zimperium.

The developers have even created a legitimate-looking website for NumRent with download prompts.

“The malicious actors have also developed a product website advertising the app to socially engineer victims into believing it is legitimate,” Zimperium said.

Hackers developed the product website. Credit: Supplied

In this case, the app prompts the user to accept certain permissions and sideload a toolkit which installs RatMilad and enables remote access from the malicious actor.

“Spyware such as RatMilad is designed to run silently in the background, constantly spying on its victims without raising suspicion,” Zimperium said.

“For any device that has been compromised by spyware, the malicious actors behind RatMilad have gathered significant amounts of personal and corporate information on their victims, including private communications and photos.”




You might like

About the Author: Bob Thompson

Bob Thompson is our inhouse Home and Garden, Energy and Gaming news writer. Bob is keenly aware of the need to recycle. Bob has written for many online publications over the course of his writing career, before joining our team.