
RANA Android Malware

Posted: December 8, 2020

The Iranian-based Advanced Persistent Threat (APT) actor tracked under the aliases APT39 or Remix Kitten has recently released a new piece of malware, which appears to target Android devices exclusively. The implant has features typical of spyware, and its primary purpose is to spy on chats, phone calls, and network traffic. The threat, dubbed the RANA Android Malware, is believed to be used against Iranian dissidents and journalists, as well as international companies operating in the telecommunications or travel industries.

The infection vector used to plant the RANA Android Malware is yet to be discovered, but it is likely that the criminals are relying on fake downloads/updates or clever social engineering tactics carried out via social media and text messages. The RANA Android Malware implant often poses as a system optimizer, which holds the name 'com.android.providers.optimizer.' The malware also hides its icon from the app menu, making it more difficult to identify and remove.
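A defender-side triage check for the masquerade described above, as an added example that is not part of the original article: it parses constructed output in the format of `adb shell pm list packages -f -3` and flags the name given above (assumed here to be the Android package name) plus any user-installed package in the `com.android.` namespace. The launcher-package set and the namespace heuristic are assumptions of this example.

```python
# Added example: triage third-party Android packages for the masquerade described above.
# SAMPLE_PM_OUTPUT is constructed; it mimics `adb shell pm list packages -f -3`.
KNOWN_BAD = {"com.android.providers.optimizer"}  # name given on this page
SYSTEM_NAMESPACE = "com.android."                # heuristic prefix (assumption)

SAMPLE_PM_OUTPUT = """\
package:/data/app/~~Qx1==/com.example.notes-a1==/base.apk=com.example.notes
package:/data/app/~~Zk9==/com.android.providers.optimizer-b2==/base.apk=com.android.providers.optimizer
package:/data/app/~~Lm3==/com.android.fakeupdate-c3==/base.apk=com.android.fakeupdate
garbage line without prefix
"""
# Constructed: packages known to expose a launcher icon (collected separately).
SAMPLE_LAUNCHER_PKGS = {"com.example.notes"}


def parse_packages(text):
    """Yield (apk_path, package_name) from `pm list packages -f` style output."""
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:") or "=" not in line:
            continue  # skip malformed lines instead of failing
        # The APK path itself can contain '=', so split on the last one only.
        path, name = line[len("package:"):].rsplit("=", 1)
        yield path, name


def triage(pm_output, launcher_pkgs):
    """Return {package_name: [reasons]} for packages that deserve a manual look."""
    findings = {}
    for path, name in parse_packages(pm_output):
        reasons = []
        if name in KNOWN_BAD:
            reasons.append("known RANA package name")
        # Apps under /data/app/ were installed after the system image was built.
        if name.startswith(SYSTEM_NAMESPACE) and path.startswith("/data/app/"):
            reasons.append("user-installed app in system namespace")
        if reasons and name not in launcher_pkgs:
            reasons.append("no launcher icon")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for pkg, why in triage(SAMPLE_PM_OUTPUT, SAMPLE_LAUNCHER_PKGS).items():
        print(pkg, "->", "; ".join(why))
```

The namespace match is a review heuristic and can flag legitimate apps on some devices; only the exact name comes from this article.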

Once installed, the RANA Android Malware connects to a remote Command and Control server and transmits basic information about the infected device's hardware, software, and configuration. The criminals can then command the implant to collect and exfiltrate various data types, as well as to carry out additional tasks on the compromised Android device. The RANA Android Malware can:

  • Command the device to connect to an accessible WiFi network so that the traffic the implant generates does not use up the victim's mobile data.
  • Collect data from messaging software like Viber, WhatsApp, Instagram, Telegram, and Talaeii, an unofficial Iran-made Telegram client.
  • Automatically answer and record calls received from selected numbers.
  • Collect camera photos.
  • Upload and run files.
  • Collect browser history and calendar events.
  • Monitor the Android clipboard.
  • Access GPS coordinates data.

Smartphones have become an important work tool used in all industries, and Android is the most widely used mobile operating system, so it is no surprise that cybercriminals are focused on developing Android-compatible malware. While the RANA Android Malware is a new implant, its attacks are easily preventable by following the best cybersecurity practices and investing in a reputable anti-virus product.
