Zimperium Discovers New Iranian Android Spyware on Corporate Device: RatMilad

Mobile Trojan capable of malicious actions including reading, writing and deleting files, recording sounds and setting new app permissions, discovered in the Middle East

COMPANY NEWS: Zimperium, the only mobile security platform specifically designed for enterprise environments, has released details of a new family of Android spyware dubbed RatMilad. The Zimperium zLabs research team discovered the RatMilad spyware sample after it failed to infect a corporate device in the Middle East protected by Zimperium’s On-Device Malware Machine Learning Engine.

The original variant of the previously unknown RatMilad spyware was hiding behind a phone number spoofing and VPN app called Write me. After identifying the RatMilad spyware, the zLabs team also discovered a living sample of the malware family hidden behind it and distributed via NbRenta renamed and graphically updated version of Write me.

RatMilad spyware was not found in any Android app store. Evidence shows that Iran-based hacker group AppMilad used links on social media and communication tools, including Telegram, to distribute and encourage users to download the fake toolset and activate important permissions on their device. Malicious actors have also developed a product website advertising the app to trick victims into thinking it is legit.

Once a user grants the app access to multiple services, the new RatMilad spyware is installed via download, allowing the malicious actor behind this instance to collect and control aspects of the mobile device. The user is prompted to allow near-full access to the device, with requests to view contacts, phone call logs, device location, media and files, and more. send and view SMS messages and phone calls. Once installed and under control, attackers can access the camera to take photos, record video and audio, get precise GPS locations, and more.

“While not like other widespread attacks we’ve seen in the news, spyware RatMilad and Iran-based hacker group AppMilad represent a changing environment impacting mobile device security,” he said. declared Richard Melick, Director of Mobile Threat Intelligence at Zimperium. “From Pegasus to PhoneSpy, there is a growing market for mobile spyware available through both legitimate and illegitimate sources, and RatMilad is just one of them. The group behind this spyware attack potentially harvested critical and private data from mobile devices outside of Zimperium’s protection, leaving individuals and businesses at risk.

For more information on RatMilad Mobile Spy Software, including images and videos illustrating installation techniques, visit: Blog URL

About Zimperium

Zimperium provides the only mobile security platform purpose-built for enterprise environments. With machine learning-based protection and a single platform that secures everything from endpoints to apps, Zimperium is the only solution to deliver on-device mobile threat defense to protect growing and evolving mobile environments. evolution. Zimperium is headquartered in Dallas, Texas, and is backed by Liberty Strategic Capital and SoftBank. For more information, follow Zimperium on Twitter (@Zimperium) and LinkedIn (https://www.linkedin.com/company/zimperium), or visit www.Zimperium.com.


Thoughtworks presents XConf Australia, back in person in three cities, bringing together people who care deeply about software and its impact on the world.

Now in its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust discussion program as local thought leaders and Thoughtworks technologists share first-hand experiences and discuss new ways to empower teams, deliver great software, and drive innovation for technology responsible.

Learn how we at Thoughtworks are improving technology, together.

Tickets are available now and all proceeds will be donated to Indigitek, a non-profit organization that aims to create tech employment pathways for First Nations people.

Click the button below to register and get your ticket to the Melbourne, Sydney or Brisbane event



It’s all about webinars.

Marketing budgets are now focused on webinars combined with lead generation.

If you want to promote a webinar, we recommend at least a 3-4 week campaign before your event.

The iTWire campaign will include numerous advertisements on our news site itwire.com and a major newsletter promotion https://itwire.com/itwire-update.html and promotional and editorial news. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in promotional posts on the iTWire homepage.

Now that we are coming out of Lockdown, iTWire will focus on supporting your webinars and campaigns and support through partial payments and extended terms, Webinar Business Booster pack and other support programs. We can also create your advertisements and written content and coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Previous Webinar: Modern Circuit Analysis Strategies
Next IT Specialist Selected to Receive Prestigious Dellamonica Award | Article