Update Now Warning Issued For Millions Of Samsung, Pixel, Xiaomi Users

Have you updated the software on your Samsung, Pixel or Xiaomi phone recently? If not, you might want to look away now. The cyber team at Check Point has just issued a new report warning just how big a risk you’re taking and urging you to update.

The team says it has been tracking the Rafel RAT across the United States, UK, China, Indonesia, Russia, India, France and Germany, and has detected 120 dangerous campaigns over the last two years—another reminder, they warn, “of how open-source malware technology can cause significant damage, especially when targeting big ecosystems like Android, with over 3.9 billion users worldwide.”

And this RAT is particularly nasty—definitely not something you want on your phone, sifting through all your personal data, sending anything it likes back to its handlers without you realizing—at least not until it’s too late. “Our findings,” Check Point says, “highlighted that most victims had Google (Pixel, Nexus), Samsung Galaxy A & S Series, and Xiaomi Redmi Series.” But many other devices were hit as well.

“It is crucial to keep your devices up-to-date with the most recent security fixes or replace them if they are no longer receiving them,” Check Point’s Alexander Chailytko says. “Prominent threat actors and even APT groups are always looking for the ways to leverage their operations, especially with the readily available tools such as Rafel RAT, which could lead to critical data exfiltration, leaked Two-Factor Authentication codes, surveillance attempts and covert operations.”

Rafel targets phones by way of non-Play Store installs. And while Google is adding better defenses around these “off-Play apps,” the sheer scale of the problem is huge; it has reported that its new real-time code-level scanning “has already detected over 5 million new, malicious off-Play apps, which helps protect Android users worldwide.”

Some of those threats are clearly more dangerous than others. “Rafel possesses all the essential features required to execute extortion schemes effectively,” Check Point says. “When malware obtains Device Admin privileges, it can alter the lock-screen password [and] prevent the malware’s uninstallation. If a user attempts to revoke admin privileges from the application, it promptly changes the password and locks the screen, thwarting any attempts to intervene.”

Check Point reports that 87% of all the infections it detected were on phones with older, unsupported Android versions. “But users of current Android versions should be concerned; this Android threat is capable of infecting a wide range of Android versions, from the oldest unsupported versions to the most recent ones.”

And that means even if you’re running Android 14, you need to keep your phone patched as regular security updates are released. Just this month, we saw Google address a Pixel vulnerability for which a targeted exploit had been found in the wild. When it comes to Android and malware, we’re in take-no-chances territory.

The team caught the Rafel RAT conducting remote surveillance, data exfiltration and ransomware, with victims “tricked” into downloading apps from outside Google’s Play Store ecosystem, apps that impersonate popular social media services, including some of the biggest, best known brands. Put at its simplest, sideloading apps onto a phone running an outdated version of Android is like playing Russian Roulette with multiple bullets in the gun—your chances of coming unstuck are dangerously high.

The social engineering behind these attacks relies on the fakery we are seeing ever more these days—impersonating popular apps to prompt an install. Apps impersonated by the Rafel RAT include WhatsApp and Instagram, which will be installed on most of the devices targeted. Once installed, the RAT requests various permissions to access sensitive apps and services, including contacts, call logs and—critically—text messaging, which enables the RAT to bypass 2FA security measures.

The RAT is programmed to retrieve contact lists, SMS messages, device info, location data, screenshots, and send them to its control server. But it can also wipe data from the phone, display fraudulent system messages, delete files and directories, and retrieve data and files stored on the device and forward those to its handlers.

Check Point advises users “to be cautious of links and applications sent by unknown senders or applications downloaded by unknown websites.” For anyone worried they might have downloaded something they shouldn’t, the team suggests “users should look for unusual behavior on their device, such as unexpected battery drain, increased data usage, or the presence of unfamiliar apps.”
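The two warning signs the article describes, an app that arrived from outside the Play Store and an app that has taken Device Admin rights, can be checked from a desktop over USB debugging. The script below is an added example, not Check Point’s or the article’s code; it assumes `adb shell pm list packages -3 -i` and `adb shell dumpsys device_policy` output saved to files, and the `dumpsys` section layout it parses is an assumption.

```shell
#!/bin/sh
# Added example (not Check Point's or the article's code): audit a phone for
# the two signs the article describes, apps installed from outside the Play
# Store and apps holding Device Admin. Assumes `adb` output saved to files.

# Print third-party packages whose recorded installer is not the Play Store.
# Input: lines from `adb shell pm list packages -3 -i`, e.g.
#   package:com.example.app  installer=com.android.vending
sideloaded_from_pm() {
  awk -F'[ =]+' '/^package:/ {
    pkg = substr($1, 9); inst = ($3 == "") ? "null" : $3
    if (inst != "com.android.vending") print pkg
  }'
}

# Print packages holding Device Admin, from `adb shell dumpsys device_policy`.
# Assumes the "Enabled Device Admins (User N, ...)" section layout, where each
# admin is an indented "package/Receiver:" line (layout assumed, not verified).
admins_from_dumpsys() {
  awk '
    /Enabled Device Admins/ { in_sec = 1; next }
    in_sec && /^[ \t]*$/ { in_sec = 0 }
    in_sec && /^[ \t]+[A-Za-z0-9_.]+\/[^ \t]+:[ \t]*$/ {
      sub(/^[ \t]+/, ""); sub(/\/.*$/, ""); print
    }'
}

# A sideloaded package that also holds Device Admin is the combination the
# article describes (lock-screen takeover, uninstall blocked): flag it HIGH.
# Any other sideloaded package is REVIEW. Args: pm output file, dumpsys file.
audit() {
  admins=$(admins_from_dumpsys < "$2")
  sideloaded_from_pm < "$1" | while read -r pkg; do
    case " $(printf '%s ' $admins)" in
      *" $pkg "*) echo "HIGH   $pkg (sideloaded + Device Admin)" ;;
      *)          echo "REVIEW $pkg (sideloaded)" ;;
    esac
  done
}

# Constructed sample output (not from a real device) so the audit runs offline.
demo() {
  pm=$(mktemp); dp=$(mktemp)
  printf 'package:com.good.app  installer=com.android.vending\n' > "$pm"
  printf 'package:com.fake.chatapp  installer=com.android.packageinstaller\n' >> "$pm"
  printf 'package:com.other.tool  installer=null\n' >> "$pm"
  printf 'Current Device Policy Manager state:\n  Enabled Device Admins (User 0, provisioningState: 0):\n' > "$dp"
  printf '    com.fake.chatapp/.AdminReceiver:\n      uid=10123\n\n' >> "$dp"
  audit "$pm" "$dp"; rm -f "$pm" "$dp"
}
```

Against a real phone, save the two `adb shell` outputs to files and call `audit pm.txt dp.txt`; `demo` runs the same logic on the constructed sample.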

One of Android’s main differentiations to iPhone has always been this flexibility to sideload apps from third-party stores and the web. And restricting those freedoms will not land well. But this remains the most likely source of malware infections.

Given this, it’s no surprise that Google is making it ever harder for a bad actor to trick users into installing dangerous apps. Its Play Protect is being enhanced with Android 15 to live scan app behaviors to flag issues even when it has not seen a particular variant of malware before, and it has just revealed a new biometric/PIN requirement to install an app in the first place that might be high-risk.

None of this helps a user with an older, unsupported phone. And the scale of that problem is staggering. Bitdefender suggests that “almost one-third of the world’s smartphones running Android will be running an outdated, unsupported operating system. Whenever a new vulnerability surfaces, the first advice is always the same, no matter the platform: apply the latest security patches as soon as possible. For Android devices running end-of-life operating systems, though, that’s not an option.”

That’s more than a billion devices, and Bitdefender warns that “attackers know the statistics.” So, while the golden rules apply to everyone, they apply double if you’re playing the dangerous game of putting personal data on an unsupported phone:

  1. Stick to official app stores—don’t use third-party stores and never change your device’s security settings to enable an app to load.
  2. Check the developer in the app’s description—is it someone you’d like inside your life? And check the reviews, do they look legitimate or farmed?
  3. Do not grant permissions to an app that it should not need: torches and star-gazing apps don’t need access to your contacts and phone. And never grant accessibility permissions that facilitate device control unless you have a need.
  4. Never ever click links in emails or messages that directly download apps or updates—always use app stores for installs and updates.
  5. Do not install apps that link to established apps like WhatsApp unless you know for a fact they’re legitimate—check reviews and online write-ups.