Sunday, Sept. 22, 2024, 1:37 a.m.
Technology / Sun, 30 Jun 2024 The Times of India

This Android malware could target millions of users

A sophisticated Android malware known as Rafel RAT is targeting millions of users worldwide, with the United States, China, and Indonesia being the most affected countries, according to a recent report by Check Point Research (CPR). This Remote Administration Tool (RAT) has been observed in various malicious operations, ranging from espionage to ransomware attacks.

CPR's investigation uncovered approximately 120 command and control servers associated with Rafel RAT, highlighting the scale of the threat. The malware primarily affects Samsung devices, followed by Xiaomi, Vivo, and Huawei phones, mirroring the market share of these brands in various regions.

Alarmingly, over 87% of infected devices are running unsupported Android versions, leaving them vulnerable to security breaches. Android 11 is the most commonly affected version, with older iterations like Android 8 and 5 also significantly impacted.

The researchers identified three critical scenarios involving Rafel RAT:

1. A ransomware operation encrypting victims' files
2. Leaked Two-Factor Authentication (2FA) messages potentially enabling 2FA bypass
3. A compromised government website in Pakistan hosting Rafel's command and control infrastructure

Rafel RAT's open-source nature and extensive feature set, including remote access, surveillance, and data exfiltration capabilities, make it a versatile tool for cybercriminals. Its use by various threat actors, including the APT-C-35 / DoNot Team, underscores its effectiveness across different operational objectives.

To protect against Rafel RAT and similar threats, Android users are advised to:

- Install apps only from trusted sources like the Google Play Store
- Keep their operating system and apps updated
- Use reliable mobile security applications

As Android powers over 3.9 billion active devices globally, the prevalence of Rafel RAT emphasizes the critical need for enhanced mobile security measures to safeguard user privacy and data integrity.
