Security researchers have warned against Rafel, an open-source remote administration tool (RAT) targeting Android devices.
The investigation by Check Point Research (CPR) identified multiple threat actors exploiting Rafel RAT, including an espionage group, demonstrating the tool’s versatility in achieving different malicious objectives.
An earlier publication by CPR had already linked Rafel to the APT-C-35/DoNot Team, underlining its capabilities for remote access, surveillance, data exfiltration and maintaining persistence on targeted devices.
Through the collection of malware samples and analysis of around 120 command-and-control (C2) servers, CPR pinpointed the United States, China and Indonesia as the most affected countries. The majority of infected devices were Samsung phones, followed by Xiaomi, Vivo and Huawei.
Read more on mobile security threats: Mobile Banking Malware Surges 32%
The study also revealed that Android 11 was the most commonly compromised version, followed by versions 8 and 5. While newer Android versions present more challenges for malware execution, older versions remain highly susceptible.
No tags.
