
Android users warned about Rafel RAT malware that can lock devices and bypass two-factor authentication

Experts are warning Android users to be careful with apps they download to their smartphones as cybercriminals use “increasingly sophisticated techniques” to break into devices.

One type of malware, called Rafel RAT, runs stealthily on devices and “provides malicious actors with a powerful set of remote administration and control tools.”

The latest warning comes from Antonis Terefos and Bohdan Melnykov of cyber threat research firm Check Point Research.


Terefos and Melnykov say the malware could enable a range of malicious activities, from data theft to device manipulation, and could even bypass two-factor authentication.

“Rafel’s features and capabilities—such as remote access, surveillance, data exfiltration, and persistence mechanisms—make it a powerful tool for covert operations and infiltrating high-value targets,” Terefos and Melnykov said.

The malware disguises itself as legitimate applications, including Instagram, WhatsApp, and various e-commerce platforms, as well as antivirus programs and applications supporting numerous services.

By downloading these apps, users may unknowingly allow app administrators to control their data and phone functionality.

Detected commands included accessing or deleting data, password monitoring, and more.

Some users reported that their contacts and messages were compromised and two-factor authentication messages were used to access other accounts.

In its most serious form, the malware can prevent itself from being uninstalled.

“If a user tries to revoke the app’s administrator privileges, the app immediately changes the password and locks the screen, preventing any intervention,” Terefos and Melnykov said.

In one case, a user’s call history was cleared before a message was displayed on his phone directing him to a Telegram channel.

Targeting older phones

Most of the people affected had Samsung phones, but the problem also affected users of Xiaomi, Vivo and Huawei phones.

According to Terefos and Melnykov, most of them had older phone models.

The malware can generally run on all phones, but “newer operating system versions typically present more challenges for the malware to perform its functions or require more action by the victim to be effective,” they said.


“More than 87 percent of affected victims are running versions of Android that are no longer supported and therefore do not receive security patches.”

Terefos and Melnykov said the Rafel RAT should be taken extremely seriously as a threat.

“The prevalence of Rafel RAT underscores the need for ongoing vigilance and proactive security measures to protect Android devices from malicious exploitation,” they said.

“As cybercriminals continue to leverage techniques and tools like the Rafel RAT to compromise user privacy, steal sensitive data, and commit financial fraud, a multi-layered approach to cybersecurity is essential.”