RatMilad is a unique Android malware that masquerades as a VPN and phone number spoofing programme. It has been seen attacking a Middle Eastern enterprise mobile device.

According to research Zimperium published with The Hacker News, the mobile trojan operates as sophisticated spyware with the ability to receive and carry out commands to gather and exfiltrate a variety of data from the infected mobile endpoint.

The dangerous app is spread via links on social media and messaging services like Telegram, luring unwary users into sideloading it and giving it a wide range of permissions, according to data acquired by the mobile security business.

It’s a clever concept to conceal the malware behind a phoney VPN and phone number spoofing app that purports to let users confirm their social media accounts over the phone, a practice that’s common in nations with access restrictions.

According to Nipun Gupta, a researcher at Zimperium, “Once installed and under control, the attackers could access the camera to take images, record video, and audio, obtain accurate GPS coordinates, examine pictures from the device, and more.”


In addition, RatMilad has features that allow it to read and write files and to collect data from the clipboard, SMS messages, phone logs, and contact lists, as well as SIM information.

Zimperium put forward the theory that RatMilad’s operators obtained the source code from the AppMilad hacker collective in Iran and combined it with fake software to trick people into downloading it.

The Issues

Although the extent of the infections is unknown, the cybersecurity firm claimed to have found the spyware during an unsuccessful effort to breach a customer’s workplace device.

A post on a Telegram channel that was used to spread the malware sample has received over 4,700 views and more than 200 external shares, which indicates a narrow audience.

According to Richard Melick, head of mobile threat intelligence at Zimperium, “the RatMilad spyware and the Iranian-based hacking group AppMilad illustrate a changing environment impacting mobile device security.”

“There is a burgeoning market for mobile spyware available from legitimate and illegitimate sources. And RatMilad is only one in the mix,” says the author of Pegasus to PhoneSpy.