Sunday, December 22, 2024

Android users warned about horrifying attack that locks their phone

Experts have warned Android users to be wary of the apps they download onto their smartphones, with cyber attackers using “increasingly sophisticated techniques” to breach devices.

One type of malware, called Rafel RAT, operates stealthily on devices and “provides malicious actors with a powerful toolkit for remote administration and control”.

The latest warning comes from Antonis Terefos and Bohdan Melnykov, from cyber threat intelligence company Check Point Research.

Terefos and Melnykov say the malware can enable a range of malicious activities from data theft to device manipulation — and can even intercept two-factor authentication messages.

“Rafel’s features and capabilities — such as remote access, surveillance, data exfiltration and persistence mechanisms — make it a potent tool for conducting covert operations and infiltrating high-value targets,” Terefos and Melnykov said.

The malware is impersonating legitimate applications including Instagram, WhatsApp and various e-commerce platforms, as well as antivirus programs and support apps for numerous services.

By downloading these apps, users may unknowingly give the apps' operators control over their data and phone functionality.

Commands detected include accessing or erasing users' data, overseeing passwords and more.

Some users reported having their contacts and messages accessed, with two-factor authentication messages intercepted and used to access other accounts.

In its most severe form, the malware can prevent its own uninstallation.

“If a user attempts to revoke admin privileges from the application, it promptly changes the password and locks the screen, thwarting any attempts to intervene,” Terefos and Melnykov said.

In one instance, a user had their call history wiped before a message was displayed on their phone directing them to a Telegram channel.

Targeting older phones

The majority of people affected had Samsung phones, but Xiaomi, Vivo, and Huawei users have also been affected.

Most also had older model phones, Terefos and Melnykov said.

Malware can generally operate across all handsets, but “newer versions of the operating system typically present more challenges for malware to execute its functions or require more actions from the victim to be effective”, they said.

Experts have warned Android users to be wary of the apps they download. Stock image Credit: Getty Images

“More than 87 per cent of the affected victims are running Android versions that are no longer supported and, consequently, not receiving security fixes.”

Rafel RAT should be taken extremely seriously as a threat, Terefos and Melnykov said.

“The prevalence of Rafel RAT highlights the need for continual vigilance and proactive security measures to safeguard Android devices against malicious exploitation,” they said.

“As cyber criminals continue to leverage techniques and tools such as Rafel RAT to compromise user privacy, steal sensitive data, and perpetrate financial fraud, a multi-layered approach to cybersecurity is essential.”