Rafel RAT: A Threat to Outdated Android Phones, here is what we know, a quick look.

In the ever-evolving landscape of cybersecurity threats, an open-source Android malware called “Rafel RAT” has emerged as a significant concern. Cybercriminals are increasingly deploying this powerful remote access trojan (RAT) to exploit vulnerabilities in outdated Android devices. In this article, we delve into the workings of Rafel RAT, its impact, and the risks it poses to users.

The Rise of Rafel RAT

Researchers at cybersecurity firm Check Point have been closely monitoring the activities of Rafel RAT. Here are the key findings:

  1. Targeted Devices: Rafel RAT primarily infects outdated Android phones. Shockingly, more than 87% of affected victims run Android versions that have reached end-of-life and no longer receive security updates.
  2. Android Versions: The most prevalent Android version among victims is Android 11, accounting for 21.4% of detected infections. Support for Android 11 ended nearly five months ago. Rafel RAT was also found on phones running Android 6-10, and Android 5 accounted for a further 18%. Android 5 was released nine years ago, and its support ended six years ago.
  3. Capabilities: Rafel RAT is highly capable. It can perform remote access, surveillance, and data exfiltration. Its persistence mechanisms make it a potent tool for covert operations.

Deceptive Tactics and Covert Operations

Rafel RAT employs deceptive tactics to manipulate user trust and exploit interactions. Here’s how it operates:

  1. Phishing Campaigns: The malware often masquerades as legitimate applications, such as Instagram or WhatsApp. Once installed, it requests various permissions, including notifications or administrative rights.
  2. Background Operations: Rafel RAT runs silently in the background, communicating with remote command and control servers over HTTP or encrypted HTTPS. It collects SMS, call logs, and contacts, depending on the attacker’s needs.
  3. Extortion and Ransomware: If it gains DeviceAdmin privileges, Rafel RAT can alter the lock-screen password and prevent uninstallation. In some cases, it acts as ransomware, encrypting or deleting files. It also steals 2FA messages, potentially bypassing multi-factor authentication.
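
The behaviours listed above can be turned into a triage check over a mobile app inventory. The following Python is an added example, not code from Check Point or from this article's sources; the record fields, the scoring and the threshold are assumptions, and the sample inventory is constructed.

```python
# Added example: triage heuristic over a constructed app inventory.
# Record fields, scoring and threshold are assumptions, not Check Point's logic.
PLAY_STORE = "com.android.vending"
# Brands the article says the malware impersonates, with their genuine package names.
GENUINE = {"instagram": "com.instagram.android", "whatsapp": "com.whatsapp"}
# Data the article says is collected: SMS (including 2FA codes), call logs, contacts.
SENSITIVE = {"android.permission." + p for p in
             ("READ_SMS", "RECEIVE_SMS", "READ_CALL_LOG", "READ_CONTACTS")}

def impersonates(app):
    """Label names a known brand but the package is not the genuine one."""
    label = app["label"].lower()
    return any(b in label and app["package"] != pkg for b, pkg in GENUINE.items())

def triage(app):
    """Return (score, reasons) for one inventory record."""
    reasons = []
    if impersonates(app):
        reasons.append("label impersonates a known app")
    if app.get("installer") != PLAY_STORE:
        reasons.append("sideloaded (installer is not Play Store)")
    if app.get("device_admin"):
        reasons.append("active device admin (can change lock screen, block uninstall)")
    if app.get("notification_listener"):
        reasons.append("notification access (can read 2FA notifications)")
    hits = SENSITIVE & set(app.get("permissions", []))
    if hits:
        reasons.append("reads " + ", ".join(sorted(p.rsplit(".", 1)[1] for p in hits)))
    return len(reasons), reasons

def flag(inventory, threshold=3):
    """Packages whose score meets the (assumed) threshold, highest first."""
    scored = [(triage(a)[0], a["package"]) for a in inventory]
    return [pkg for score, pkg in sorted(scored, reverse=True) if score >= threshold]

# Constructed sample inventory (not real telemetry).
INVENTORY = [
    {"label": "WhatsApp", "package": "com.whatsapp", "installer": PLAY_STORE,
     "permissions": ["android.permission.READ_CONTACTS"]},
    {"label": "Instagram", "package": "com.example.insta.update", "installer": None,
     "device_admin": True, "notification_listener": True,
     "permissions": ["android.permission.READ_SMS", "android.permission.READ_CALL_LOG"]},
    {"label": "Flashlight", "package": "com.example.torch", "installer": None,
     "permissions": []},
]

if __name__ == "__main__":
    for app in INVENTORY:
        print(app["package"], *triage(app))
```

No single signal is conclusive on its own: the genuine WhatsApp record also reads contacts, and the sideloaded flashlight app scores the same as it, which is why the check combines signals before flagging.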

Geographic Impact

The most targeted countries include the United States of America, China, and Indonesia. Victims predominantly use Samsung phones, followed by Xiaomi, Vivo, and Huawei devices.


As Rafel RAT continues to evolve, users must remain vigilant. Keeping Android devices updated and avoiding suspicious app installations are crucial steps in safeguarding against this persistent threat.

Remember, even in the realm of technology, vigilance remains our best defense.
