Dangerous new Android malware steals your data — and spies on your conversations

Green skull on smartphone screen.
(Image credit: Shutterstock)

Unsuspecting users trying to get verified on social media are currently being targeted by a dangerous new Android spyware called RatMilad.

As reported by BleepingComputer and first discovered by the mobile security firm Zimperium, RatMilad isn’t your typical malware, as it acts as a Remote Access Trojan (RAT) capable of stealing a wide variety of data and spying on victims’ conversations.

At the moment, RatMilad is primarily being used in the Middle East but the spyware could soon come to the U.S. and other countries, as it's particularly useful for gathering data on potential victims. With RatMilad's help, an attacker could blackmail infected users or even commit cyber espionage.   

Infecting users through fake Android apps

How to make friends online without the awkward

(Image credit: Shutterstock)

While the original version of RatMilad was distributed through a fake phone spoofing app called Text Me, the cybercriminals behind the spyware have since updated the app and renamed it NumRent. Such apps are often used in countries where social media is outright banned.

In order to promote the fake Android app used to sideload RatMilad, cybercriminals have created a website for the app. Links to this site are then shared on Telegram and other social media platforms in an effort to trick users into downloading and installing it. According to a blog post from Zimperium, the main Telegram channel used to promote NumRent and infect users with the RatMilad malware has been viewed more than 4,700 times with more than 200 external shares.

Once installed on a victim’s Android smartphone, RatMilad hides behind a VPN and collects information on the device itself as well as its user including their contacts, call logs, text messages, GPS location data and more. 

To make matters worse, RatMilad can also delete and steal files, modify app permissions and even use an infected device’s microphone to record audio and eavesdrop on victims. This is why the spyware could easily be used to commit corporate espionage and steal sensitive company information.

How to stay safe from spyware and other Android malware

The simplest and easiest way to avoid falling victim to fake Android apps used to distribute spyware and malware is to only download new apps from official app stores like the Google Play Store, the Amazon Appstore and the Samsung Galaxy Store. Even then, malicious apps do manage to slip past Google’s defenses from time to time which is why you should carefully scrutinize reviews and app ratings before installing any new app.

If you have one of the best Android phones, you should also ensure that Google Play Protect is enabled on your device as this free tool can help protect you from bad apps, malware and other viruses. Those who are more at risk than ordinary users should also consider enrolling in Google’s Advanced Protection Program.

Regardless of your risk level, you may also want to install one of the best Android antivirus apps on your device just for additional peace of mind.

Due to the wealth of information RatMilad can collect and the series of malicious actions it can perform on an infected device, cybercriminals will likely continue to utilize the spyware in their attacks. We could also see it bundled with other fake apps as the cybercriminals behind it may try to expand their operations.

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.