Hackers using Rafel RAT malware to target Android phone users

Rafel, a Remote Administration Tool (RAT) variant, has been used to target Android phone users in multiple countries, including the United States, China, Indonesia, Russia, India, France, Germany, and the United Kingdom.
Last Updated : 26 June 2024, 17:14 IST

Google's Android OS has more than 3.7 billion active users worldwide. That scale also makes it a happy hunting ground for threat actors who prey on unsuspecting smartphone users.

In the latest instance, the Check Point Research (CPR) team has detected hackers using Rafel, a Remote Administration Tool (RAT) variant, to target Android phones in multiple countries, including the United States, China, Indonesia, Russia, India, France, Germany, and the United Kingdom.

The attackers rely on phishing to trap victims. They use messenger apps and social media platforms such as WhatsApp and Telegram, as well as Android SMS apps, to fool users into downloading Rafel malware-laced APKs (Android Package Kits).

To build trust, they impersonate popular services such as banking and education companies; they then trick victims into clicking URLs that lead to compromised websites and convince them to download the apps hosted there.

Once installed, the malware hides within the system to evade the device's security features. The trojan then gains access to sensitive capabilities of the phone such as GPS, camera, microphone, and storage, which it uses to track the targeted person's location and steal company trade secrets and private photos/videos, which are then held for ransom.

"Rafel RAT is another reminder of how open-source malware technology can cause significant damage, especially when targeting big ecosystems like Android, with over 3.9 billion users worldwide. As most of the affected victims are running unsupported Android versions, it is crucial to keep your devices up-to-date with the most recent security fixes or replace them if they are no longer receiving them," said Alexander Chailytko, Cyber Security, Research & Innovation Manager at Check Point Software Technologies.

"Prominent threat actors and even APT groups are always looking for ways to leverage their operations, especially with the readily available tools such as Rafel RAT, which could lead to critical data exfiltration, using leaked Two-Factor Authentication codes, surveillance attempts and covert operations, that are particularly devastating when used against high-profile targets," Chailytko noted.

Some of the top phone brands affected in the phishing campaign include Samsung, Xiaomi, Vivo, Huawei, Oppo, Realme, LG and more. It should be noted, however, that the affected devices run Android 11 or older versions.

Device owners are advised to upgrade to the latest software or security patch rolled out by their phone maker, or, if no updates are available, to replace the device with a newer Android phone.

Tips on how to protect your Android phone from such cyber threats:

-- Never download apps from third-party stores

-- Never click URLs sent via messenger app or email from unknown senders

-- Even on official platforms such as Google Play, Apple App Store or Microsoft Windows Store, always exercise caution while downloading apps, particularly social media and messenger apps from unfamiliar developers

-- Avoid storing any work-related sensitive information on personal devices

-- Always update your phone to the latest firmware version

-- It is good practice to run antivirus applications published by reputed firms such as Check Point's Endpoint Security, Kaspersky, ESET and McAfee, among others.


Published 26 June 2024, 17:14 IST
