New RAT digs into Android phones to steal data and encrypt files

However, over time, the malware has been used in more evolved campaigns that request permissions for notifications or device admin rights, or that stealthily seek only minimal sensitive permissions such as SMS, Call Logs, and Contacts.

The malware, as observed so far, configures a C2 (command and control) panel that allows a set of invasive operations, including access to information such as device model, version, country, SIM operator, current charge level, language, running applications, and RAM details, among others.

“The Check Point Research (CPR) report on the Rafel RAT provides a detailed analysis of the current threat landscape, but several broader implications merit further attention,” said Callie Guenther, senior manager of cyberthreat research at Critical Start. The exploitation of outdated Android versions highlights significant supply chain vulnerabilities, as manufacturers and carriers often fail to provide timely updates, leaving millions of devices exposed to threats like Rafel.
