A new Android malware called RatMilad was observed targeting a mobile device of a Middle Eastern enterprise by disguising itself as a VPN and phone number spoofing app.
The mobile trojan acts as advanced spyware with the ability to receive and execute commands to collect and filter a variety of data from the infected mobile endpoint, Zimperium said in a report shared with The Hacker News.
Evidence gathered by the mobile security company shows that the malicious app was distributed through links on social media and communication tools like Telegram, tricking users into downloading the app and granting it multiple permissions.
The idea behind embedding malware in a fake VPN and phone number spoofing service is also clever in that the app claims to allow users to verify social media accounts over the phone, a common technique in countries with limited access.
“Once installed and controlled, attackers can access the camera to take pictures, record video and audio, get the exact GPS location, view photos from devices and more,” said Zimperium researcher Nipun Gupta.
Other features of RatMilad, spread through apps called Text Me and NumRent, make it possible for the malware to accumulate SIM information, clipboard data, SMS messages, call logs, and contacts, and even perform file read and write operations.
Zimperium theorized that the moderators responsible for RatMilad purchased the source code from an Iranian hacker group called AppMilad and integrated it into a phishing app for distribution to unwitting users.
The scale of the infections is still unknown, but the cybersecurity company said it discovered the spyware in a failed attempt to infiltrate a customer’s enterprise device.
A post shared on the Telegram channel used to propagate the malware sample was viewed more than 4,700 times with more than 200 external shares, indicating limited scope.
“RatMilad spyware and Iran-based hacker group AppMilad represent a changing environment affecting mobile device security,” said Richard Melick, director of mobile threat intelligence at Zimperium.
“From Pegasus to PhoneSpy, there’s a growing market for mobile spyware available through legal and illegal sources, and RatMilad is just one of them.”