An open-source Android malware named 'Ratel RAT' is widely deployed by multiple cybercriminals to attack outdated devices, some aiming to lock them down with a ransomware module that demands payment on Telegram.
Researchers Antonis Terefos and Bohdan Melnykov at Check Point report detecting over 120 campaigns using the Rafel RAT malware.
Known threat actors conduct some of these campaigns, like APT-C-35 (DoNot Team), while in other cases, Iran and Pakistan were determined as the origins of the malicious activity. Read More..