Android users warned about Rafel RAT malware that can lock devices and bypass two-factor authentication

Experts are warning Android users to be careful about the apps they download to their smartphones as cybercriminals use “increasingly sophisticated techniques” to break into the devices.

One type of malware, called Rafel RAT, runs on devices in a stealthy manner and “provides attackers with a powerful set of remote administration and control tools.”

The latest warning comes from Antonis Terefos and Bohdan Melnykov of cyber threat analysis firm Check Point Research.

Terefos and Melnykov say the malware can enable a range of malicious activities, from data theft to device manipulation and even breaking two-factor authentication.

“Rafel’s features and capabilities—such as remote access, surveillance, data exfiltration, and persistence mechanisms—make it a powerful tool for covert operations and high-value target infiltration,” Terefos and Melnykov said.

The malware disguises itself as legitimate applications such as Instagram, WhatsApp, and various e-commerce platforms, as well as antivirus programs and support applications for numerous services.

By downloading these apps, users may unknowingly allow the operators of the apps to control their data and phone functionality.

Detected commands included accessing or deleting data, password monitoring, and more.

Some users have reported that their contacts and messages have been intercepted and two-factor authentication messages have been used to access other accounts.

In its most serious form, the malware may prevent itself from being uninstalled.

“If a user tries to revoke the app’s administrator privileges, the app immediately changes the password and locks the screen, preventing any intervention,” Terefos and Melnykov said.

In one case, a user’s call history was deleted before a message linking to a Telegram channel was displayed on their phone.

Targeting older phones

Most of the people affected had Samsung phones, but the problem also affected users of Xiaomi, Vivo and Huawei phones.

According to Terefos and Melnykov, most of them had older phone models.

The malware can generally run on all phones, but “newer versions of the operating system tend to present the malware with greater challenges in performing its functions or require more actions from the victim to be effective,” they said.

Experts warn Android users to be careful about the apps they download. Stock photo. Credit: Getty Images

“More than 87 percent of affected victims are running versions of Android that are no longer supported and therefore do not receive security patches.”

Terefos and Melnykov stated that the Rafel RAT should be taken extremely seriously as a threat.

“The prevalence of Rafel RAT underscores the need for ongoing vigilance and proactive security measures to protect Android devices from malicious exploitation,” they said.

“As cybercriminals continue to leverage techniques and tools like the Rafel RAT to compromise user privacy, steal sensitive data, and commit financial fraud, a multi-layered approach to cybersecurity is essential.”