Open-source Remote Control Trojan Rafel Threatens Over 3.9 Billion Android Devices Globally

TapTechNews, July 3: On June 20, the network security company Check Point Research released a research report disclosing that an open-source remote control Trojan (RAT) named Rafel is being widely used in attacks, and that more than 3.9 billion Android devices worldwide face security threats.


So far, the security company has observed at least 120 attack campaigns using Rafel, mainly concentrated in the United States, China, India and Indonesia.

Most of the affected devices are older models; phones from Samsung, Xiaomi, Vivo, Huawei and OnePlus are all affected.


The attackers distribute the Trojan by disguising it as Instagram, WhatsApp, popular e-commerce platforms, antivirus software and the like. Devices running Android 11 are the most affected, followed by Android 8 and Android 5 devices.


Once an Android device is infected with the Rafel Trojan, the malware operates covertly in the background. TapTechNews lists its capabilities below:

Bypass Google Play protection

Obtain device information (identifiers, regions, countries, carrier details, specific models, root status), location information and a list of installed applications

Steal the victim's address book, text messages, call records and files

Delete files and call records, encrypt files, change the device wallpaper, lock the device screen, and display or play designated information to the victim (in different languages)

The malware is operated through a PHP panel, through which the attacker can view information about compromised devices and send commands to them.
