Application security, Ransomware

Old Android phones mostly subjected to Rafel RAT attacks

Cybernews reports that phishing campaigns spreading the Rafel Android remote access trojan have primarily infected devices running outdated software, most of them on Android 11, for which support ended five months ago.

Attacks with Rafel RAT (which features SMS, call log, and contact gathering, two-factor authentication message exfiltration, and ransomware capabilities) have been mostly aimed at Android users in the U.S., China, and Indonesia, with phones made by Samsung, Xiaomi, Vivo, and Huawei being the most targeted devices, according to a Check Point Research report. Moreover, the APT-C-35 threat operation, also known as Brainworm and DoNot Team, has been named among the most prolific users of the malware. "Despite the variety of Android versions, malware can generally operate across all. However, newer versions of the operating system typically present more challenges for malware to execute its functions or require more actions from the victim to be effective," said Check Point.
