Have you updated the software on your Samsung, Pixel or Xiaomi smartphone recently? If you haven’t, it’s time to pay attention: Check Point’s cyber team has published a new report warning how much risk an unpatched phone exposes you to, and urging you to update.
The researchers say they’ve tracked the Rafel RAT in the US, UK, China, Indonesia, Russia, India, France and Germany, detecting 120 dangerous campaigns over the past two years, which they warn is a reminder of “how much damage open-source malware techniques can cause, especially when targeting a large ecosystem like Android, which has over 3.9 billion users worldwide.”
And this RAT is particularly nasty, one you definitely don’t want on your phone: it sifts through all your personal data and sends whatever it wants back to its handlers without you realizing it, at least until it’s too late. “Our findings reveal that most of the victims used Google (Pixel, Nexus), Samsung Galaxy A & S series, and Xiaomi Redmi series,” Check Point said. But many other devices were also affected.
“It’s important to keep devices up to date with the latest security fixes, or replace them if they no longer receive patches,” said Check Point’s Alexander Chaylitko. “High-profile threat actors and even APT groups are constantly looking for ways to leverage easily available tools, especially such as the Rafel RAT, to exfiltrate sensitive data, leak two-factor authentication codes, conduct surveillance attempts, and leverage activity that could lead to covert operations.”
Rafel targets phones through installations from outside the Play Store, and while Google has been beefing up its defenses against these “non-Play Store apps,” the scale of the problem is massive. The company reports that its new real-time code-level scanning has “already detected over 5 million new malicious non-Play Store apps, helping to protect Android users around the world.”
Some of these threats are clearly more dangerous than others. “Rafel has all the essential functionality needed to effectively execute an extortion scheme,” Check Point says. “Once the malware has gained device administrator privileges, it can change the lock screen password [and] prevent the malware from being uninstalled. If a user attempts to revoke administrative privileges for the application, the password is immediately changed and the screen is locked, preventing any attempted intervention.”
Check Point reports that 87% of the infections it detected occurred on phones running older, unsupported versions of Android, “but users of current versions of Android should be concerned, as this Android threat can infect a wide range of versions of Android, from the oldest unsupported versions to the most current versions.”
This means that even if you’re using Android 14, you’ll need to keep your phone patched as security updates are released on a regular basis. This month we saw Google address a vulnerability in the Pixel that had previously been exploited in the wild, so you can never be complacent when it comes to Android and malware.
The team captured the Rafel RAT, which performs remote surveillance, data exfiltration and ransomware-style extortion, “tricking” victims into downloading apps from outside the Google Play Store ecosystem that impersonate popular social media services, including some major brand names. Simply put, sideloading apps onto a phone running an older version of Android is like playing Russian roulette with multiple bullets in the gun – the chances of failure are dangerously high.
The social engineering behind these attacks relies on an increasingly common form of deception – impersonating popular apps to encourage installation. Some of the apps that the Rafel RAT impersonates include WhatsApp and Instagram, which are installed on most of the targeted devices. Once installed, the RAT requests a range of permissions covering sensitive apps and services such as contacts, call history and, most importantly, SMS, which lets it read the one-time codes that 2FA delivers by text message and so defeat that layer of protection.
The RAT is programmed to retrieve contact lists, SMS messages, device information, location data, screenshots and send them to a control server. It can also wipe data from the phone, display fraudulent system messages, delete files and directories, and retrieve data and files stored on the device and transfer them to a handler.
Check Point advises users to “be wary of links or applications sent from unknown senders or downloaded from unknown websites.” For those worried they may have downloaded something they shouldn’t, the team suggests “looking out for unusual behavior on your device, such as unexpected battery drain, increased data usage, or the presence of unfamiliar apps.”
One of the main differences between Android and iPhone is the flexibility to sideload apps from third-party stores and the web. Taking that freedom away would not go down well, but sideloading remains the most likely route by which malware gets onto a phone.
With this in mind, it’s no surprise that Google is making it harder than ever for bad actors to trick users into installing risky apps. Play Protect has been strengthened in Android 15 to scan app behavior in real time and report issues, even for a malware variant it has never seen before. Google also announced new biometric/PIN requirements for the initial installation of potentially risky apps.
None of this helps users with older, unsupported phones. And the scale of the problem is staggering. Bitdefender states, “Nearly one-third of Android smartphones worldwide run an older, unsupported operating system. Whenever a new vulnerability surfaces, regardless of platform, the first advice is always the same: apply the latest security patches as soon as possible. However, for Android devices running an unsupported operating system, this isn’t an option.”
That’s over a billion devices, and Bitdefender warns that “attackers know the statistics.” So the golden rule of patching promptly applies to everyone, and doubly so if you’re playing the dangerous game of keeping your personal data on a phone that can no longer be patched.
- Only use official app stores: do not use third-party stores, and do not change your device’s security settings to allow installation from unknown sources.
- Check the app description to see who the developer is – is this someone you want in your life? Also check the reviews – do they seem genuine or like a rip-off?
- Don’t grant apps permissions they don’t need: a flashlight or stargazing app doesn’t need access to your contacts or phone, and don’t grant Accessibility permissions, which make it easier for an app to control your device, unless the app genuinely needs them.
- Always use the app store for installations and updates instead of clicking links in emails or messages to download apps or updates directly.
- Don’t install apps that claim an association with existing apps like WhatsApp unless you’re absolutely sure they’re legitimate – check reviews and online articles.
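As an added example that is not part of the original article or of Check Point’s report, the following POSIX shell script turns two of the checks above (“the presence of unfamiliar apps” and “only use official app stores”) into something you can run against a connected phone over adb, and offline against constructed sample output. It assumes the output formats of `adb shell pm list packages -3 -i` (one `package:<name>  installer=<installer>` line per third-party package, `installer=null` for sideloaded APKs) and of `adb shell dumpsys device_policy` (`ComponentInfo{package/receiver}` entries under “Enabled Device Admins”, each followed by its policies). The sample text in the script is constructed, and `com.lnstagram.android` is an invented lookalike package name, not an indicator from the report. The script flags every third-party package that Play did not install, and raises the severity when such a package is also an enabled device administrator holding the `reset-password`, `force-lock` or `wipe-data` policies, which are the capabilities the lock-and-extort behaviour quoted above depends on.

```shell
#!/bin/sh
# Added example, not code from the article or from Check Point's report.
# Triage of third-party packages and enabled device admins from adb output.
# Sample inputs below are CONSTRUCTED; com.lnstagram.android is an invented
# lookalike package name. Assumed formats:
#   pm list packages -3 -i   -> package:<name>  installer=<pkg or null>
#   dumpsys device_policy    -> ComponentInfo{<pkg>/<receiver>} ... policies:

SAMPLE_PM='package:com.whatsapp  installer=com.android.vending
package:com.instagram.android  installer=com.android.vending
package:com.lnstagram.android  installer=null
package:com.example.flashlight  installer=com.google.android.packageinstaller'

SAMPLE_DP='Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    ComponentInfo{com.google.android.gms/com.google.android.gms.mdm.receivers.MdmDeviceAdminReceiver}
      uid=10123
      policies:
        wipe-data
    ComponentInfo{com.lnstagram.android/com.lnstagram.android.AdminReceiver}
      uid=10234
      policies:
        reset-password
        force-lock
        wipe-data'

# Print "<package> <installer>" for every third-party package that was not
# installed by Google Play (installer=null means sideloaded via ADB or an
# unknown source; a browser or package-installer name means a downloaded APK).
flag_sideloaded() {
    awk -F'installer=' '
        { sub(/\r$/, "") }                       # adb shell output is CRLF
        /^package:/ {
            pkg = $1; sub(/^package:/, "", pkg); gsub(/[[:space:]]+$/, "", pkg)
            if ($2 != "com.android.vending") print pkg, $2
        }'
}

# Print "<package>/<receiver> <policies>" for each enabled device admin,
# keeping only the three policies a lock-and-extort scheme needs ("-" if none).
list_device_admins() {
    awk '
        function flush() { if (comp != "") print comp, (pol == "" ? "-" : pol) }
        { sub(/\r$/, "") }
        /ComponentInfo\{/ {
            flush()
            comp = $0; sub(/.*ComponentInfo\{/, "", comp); sub(/\}.*/, "", comp)
            pol = ""
        }
        /^[[:space:]]*(reset-password|force-lock|wipe-data)[[:space:]]*$/ {
            gsub(/[[:space:]]/, ""); pol = pol (pol == "" ? "" : ",") $0
        }
        END { flush() }'
}

# Combine both views: a non-Play package that is also an enabled device admin
# with lock/wipe powers matches the profile Check Point describes, so rank it HIGH.
triage() {  # $1 = pm list output file, $2 = dumpsys device_policy output file
    admins=$(mktemp)
    list_device_admins < "$2" > "$admins"
    flag_sideloaded < "$1" | while read -r pkg inst; do
        pol=$(awk -v p="$pkg/" 'index($1, p) == 1 { print $2; exit }' "$admins")
        if [ -n "$pol" ]; then
            printf 'HIGH   %s installer=%s device-admin=%s\n' "$pkg" "$inst" "$pol"
        else
            printf 'REVIEW %s installer=%s\n' "$pkg" "$inst"
        fi
    done
    rm -f "$admins"
}

# Offline run over the constructed samples.
demo() {
    d=$(mktemp -d)
    printf '%s\n' "$SAMPLE_PM" > "$d/pm.txt"
    printf '%s\n' "$SAMPLE_DP" > "$d/dp.txt"
    triage "$d/pm.txt" "$d/dp.txt"
    rm -rf "$d"
}

# Live run against a connected phone with USB debugging enabled; otherwise demo.
if command -v adb >/dev/null 2>&1 && adb get-state >/dev/null 2>&1; then
    d=$(mktemp -d)
    adb shell pm list packages -3 -i > "$d/pm.txt"
    adb shell dumpsys device_policy > "$d/dp.txt"
    triage "$d/pm.txt" "$d/dp.txt"
    rm -rf "$d"
else
    demo
fi
```

A REVIEW line is not proof of compromise (installer=null is also what an APK pushed over ADB shows), but a HIGH line is the combination worth acting on. Note that `adb shell pm uninstall` fails while a package is still an active device admin, and `dpm remove-active-admin` only works for apps built with `android:testOnly`, so on a phone that re-locks itself whenever you try to revoke admin rights, the usual route is to boot into Safe Mode, where third-party apps are not started, and revoke the admin from Settings there.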