Rafel RAT: New Cyber Threat Masquerades as Instagram and WhatsApp

The prevalence of Rafel RAT highlights the necessity of security measures to protect Android devices against malicious exploits.

Many cyber threat actors are increasingly using Rafel RAT, an open-source Android remote management tool, to achieve their operational goals. This tool masquerades as popular apps like Instagram, WhatsApp, various e-commerce platforms, and antivirus applications to infiltrate devices.

Analysis and Capabilities

A recent analysis by Check Point revealed that Rafel RAT is a potent remote management and control tool that enables a wide range of malicious activities, including data theft, device manipulation, and ransomware attacks. Its features include:

• Wiping SD Cards: Erasing all data on the device’s SD card.
• Manipulating Call Logs: Deleting or modifying call logs.
• Pulling Notifications: Accessing and managing notifications.
• Ransomware Capabilities: Encrypting files and demanding ransom.

Global Campaigns and Impact

Check Point detected approximately 120 different malicious campaigns leveraging Rafel RAT, targeting countries such as:

• Australia
• China
• Czech Republic
• France
• Germany
• India
• Indonesia
• Italy
• New Zealand
• Pakistan
• Romania
• Russia
• United States

Most victims were Samsung users, followed by Xiaomi, Vivo, and Huawei. A significant 87.5% of infected devices were running older versions of Android that no longer receive security updates. These attacks frequently use social engineering techniques to trick victims into installing malware-laden apps.

Command and Control Mechanism

Rafel RAT uses HTTP(S) for command and control (C2) communications, but it can also use Discord APIs to communicate with threat actors. Additionally, it features a PHP-based C2 dashboard that allows registered users to send commands to compromised devices.

Security Recommendations

To protect against such threats, experts recommend:

• Keeping Devices Updated: Ensure that devices are running the latest software updates.
• Downloading Apps from Trusted Sources: Only download apps from official app stores.
• Being Cautious with App Installation Requests: Avoid installing apps from unknown sources.
• Installing Security Software: Use additional security applications to detect and prevent malware.

The rise of Rafel RAT underscores the critical need for robust security measures to safeguard Android devices against increasingly sophisticated cyber threats.

• LinkedIn

Source: https://www.cioupdate.com.tr/manset/rafel-rat-instagram-ve-whatsapp-gorunumlu-yeni-siber-tehdit/