A group of hackers is using Rafel to carry out a series of attacks targeting Android devices. Rafel is a remote administration tool (RAT), built from open-source code, that can be used for different types of attacks.
The information comes from Check Point. According to the report, the hacking group called “APT-C-35/DoNot Team” used Rafel in about 120 malicious campaigns.
Figure: Countries most affected by scams involving the use of Rafel. (Source: Check Point/Reproduction)
The group has inflicted significant damage on numerous individuals, as well as major corporations, including military institutions. The company found three specific types of attacks:
- Ransomware operations;
- Scams involving manipulation of two-factor authentication;
- The hacking of a Pakistani government website.
Rafel has multiple functions, such as remote management, espionage, data exfiltration, and persistence mechanisms.
The tool exploits vulnerabilities in the operating system, but also takes advantage of user interaction. Once the proper permissions are granted, the program can remain completely undetectable.
Fraud hub
The countries with the most victims so far are the United States, China and Indonesia. The most affected mobile phones are from Samsung, Xiaomi, Vivo and Huawei. Among the specific smartphone models affected were Pixel (Google), Nexus (LG), Galaxy A and S (Samsung), and Redmi (Xiaomi).
Figure: Models that have suffered the most hits due to RAT use. (Source: Check Point/Reproduction)
The RAT works on all versions of Android, but researchers note that newer versions offer greater resistance. The majority of attacks (87.5%) occurred on devices that no longer receive security updates.
Rafel can be used to create fake apps that impersonate legitimate ones. These apps trick the user into granting administrator permissions. From there, the criminal takes control of the device remotely and can steal all sorts of information, including logins and passwords.
Figure: The malware affects all versions of Android, especially those that are no longer officially supported. (Source: Check Point/Reproduction)
How to protect yourself
Although there is no specific defense against Rafel, a few measures can help keep your cell phone safe. Here are some recommendations:
- Use a recent version of Android and keep the system updated;
- Install apps only from the Play Store or the official store of each brand;
- Check who the app's developer is to avoid illegitimate copies;
- Avoid unknown programs that promise to increase device security;
- Avoid granting admin permissions to apps that don't normally need them.