A new piece of Android spyware is being used in a widespread campaign by an Iranian hacking group that has also targeted enterprise users, according to Zimperium.
The threat, known as RatMilad, can manipulate files, record audio, and change application permissions once it has been installed on a victim’s device. The first spyware sample that Zimperium discovered concealed itself behind Text Me, a VPN and phone number spoofing app. The mobile security company also discovered a live RatMilad sample that was being distributed through NumRent, a clone of Text Me.
According to Zimperium, the Iranian hacker collective AppMilad is distributing the phone spoofing app through links on social media and various messaging services.