Here’s one more reason not to install suspicious APK files


Edgar Cervantes / Android Authority

TL;DR

  • Cybercriminals are using malware called Rafel RAT to attack outdated Android devices.
  • Rafel RAT is distributed via malicious APK files disguised as legitimate applications.
  • To stay protected, download apps only from the Google Play Store, scan them with Google Play Protect, and update your Android operating system to the latest version.

Cybercriminals and cyber-espionage groups are targeting outdated Android devices using Rafel RAT, an open-source malware, to steal data and launch ransomware attacks. Researchers from the cybersecurity company Check Point identified over 120 campaigns using this malware to attack Android devices.

The company also conducted an analysis of the victims, which showed that the targeted users were mainly located in the United States, Indonesia and China. As for the devices used by the victims, most had Samsung smartphones. Other affected brands include Xiaomi, Vivo and Huawei.

Check Point noted that while the malware can run on all versions of the operating system, Android 11 predominated on most affected devices, followed by Android 8 and 5. This means that people running outdated versions of Android were most at risk from unverified APK files.

What exactly does Rafel RAT do?

Cybercriminals use popular social media platforms such as Instagram, as well as messaging applications such as WhatsApp, to distribute Rafel RAT-based malware. Malicious APK files disguise themselves as legitimate applications, luring unsuspecting users into downloading and installing these files on their devices.

During installation, the malware requests access to a number of risky permissions. These permissions allow the malware to leak sensitive data, encrypt files, and lock the device’s screen, among other things. Rafel RAT’s ransomware functionality goes a step further, carrying out extortion by taking control of the device and demanding payments through channels such as Telegram.

How to protect yourself from malware like Rafel RAT

The easiest way to protect your device from malware is to check the source from which you download the APK files. It’s best to download apps only from the official Google Play Store, rather than using app links on third-party websites or messaging platforms.

Another way to prevent accidentally downloading malicious apps is to turn on Google Play Protect. You should also regularly update your Android operating system to the latest version to ensure you have the latest security patches.
