The malware known as Rafel RAT, which is especially worrisome, operates covertly on devices and gives malevolent actors a strong arsenal for remote administration and control.

The most recent cautionary note is from Check Point Research’s Antonis Terefos and Bohdan Melnykov, who specialize in cyber threat intelligence. Rafel RAT, they clarify, allows for a variety of illicit operations, including device manipulation, data theft, and even two-factor authentication hacking.

Rafel is a powerful tool for carrying out covert operations and infiltrating high-value targets, according to Terefos and Melnykov. These characteristics and capabilities include remote access, surveillance, data exfiltration, and persistence mechanisms.

Malware can pose as legal apps, such as Instagram, WhatsApp, e-commerce platforms, antivirus software, and support apps for many services. Users who download these apps might unintentionally give the app administrators access to their phone’s functionality and data.

Accessing or deleting data, managing passwords, and other tasks are among the detected commands. According to several users, communications sent with two-factor authentication were intercepted and utilized to access other accounts, and their contacts and messages were accessed. The malware can stop itself from being uninstalled in its most dangerous version.

Terefos and Melnykov said that the program quickly modifies the password and locks the screen to foil any attempts by the user to renounce admin credentials. Once, a user’s phone was cleared of all call history before a message directing them to a Telegram channel showed up.

While Samsung phones account for the majority of affected customers, Xiaomi, Vivo, and Huawei users have all experienced issues. These folks’ phones are mostly older models. Malware can usually run on any phone, according to Terefos and Melnykov, but newer operating systems usually make it harder for malware to do its job or necessitate more activities from the user in order to be effective.

It was stated that “over 87% of the impacted individuals are using Android versions that are no longer supported and, as a result, are not getting security updates.”

Rafel RAT is a threat that needs to be addressed very seriously. Terefos and Melnykov stress that in order to protect Android devices from malicious exploitation, it is crucial to maintain constant monitoring and take proactive security measures.

“A multi-layered approach to cybersecurity is essential, as cyber criminals continue to leverage techniques and tools like Rafel RAT to compromise user privacy, steal sensitive data, and perpetrate financial fraud,” they said in their conclusion.