Android Users Beware: WolfRAT Malware May Be Coming For You

If you’re one of the 2.5 billion Android users out there, you should pay attention. The security experts at Cisco have discovered a new Android malware that could impact you.

The new malware, dubbed “WolfRAT,” affects popular messaging apps, including Facebook Messenger, WhatsApp, and Line. The Wolf Research crew developed it, but don’t let their name fool you. This German-based spyware team sells spyware and other malware to governments and other parties.

WolfRAT is a member of the “DenDroid” family of malware that became famous for stealing audio, video, and photo files on Android devices. WolfRAT follows a similar path, even affecting the encrypted messaging app, Line, as well as others.

How WolfRAT malware could affect you

How Does WolfRAT Infection Occur?

WolfRAT has infected phones via phishing campaigns sent to user devices. The servers that attacks were coming from first were in Thailand. The messages Android users got referred to Thai food. It lured victims into clicking on infected links that download the malware. 

After this, WolfRAT operates via legitimated apps and package names inside a “.com.google.services” to look like a regular app. Since it seems reasonable enough and seems related to the Android OS, non-tech-savvy users don’t delete the app. It leaves the malware to continue doing damage. 

What Does WolfRAT Malware Do?

Hackers use the app to gather information on both specific targets and generic victims. Once WolfRAT is on the device, it obtains a wide variety of user permissions. These give it ample room to gather user data. 

The most concerning is the ability to take screenshots in communication apps. It can also search for Messenger, Whatsapp, and Line activity. Once people open these messaging apps, WolfRAT takes screenshots and uploads them to the command server. 

What Should You Do Now?

Although researchers discovered this attack in Thailand, there’s no guarantee that its impact won’t span well beyond there. 

If you suspect your phone has been infected, the safest thing to do is to remove the malware and/or reset your devices to factory settings. It’s crucial to act quickly as the longer WolfRAT remains on your devices, the more damage it can do. 

Moreover, enhance the overall security of your Android device:

Install Updates

Ensure that you have the latest version of Android OS and all apps. You get the most up-to-date security patches by keeping your smartphone updated. 

Limit Online Tracking

First, don’t overshare online. Then, hide your IP address to make it more difficult for hackers to track your internet activity. It limits the information they can collect about you and use for targeted attacks. 

What is an IP address? It’s the unique identifier that all devices connected to the internet have. It’s easy for anyone online to discover it. Google “what is my IP,” and you’ll see, or you can simply visit this page. You won’t even need to click on any search results; Google will show them to you immediately.

Understand and Recognize Phishing

WolfRAT malware is only the latest attack. Researchers discover new forms of malware on both mobile and desktop devices all the time. And phishing attacks are how they infect devices most of the time.

Teach yourself to recognize phishing attempts. Phishing can occur in messaging apps, email, forums, social media, and all the other places online. Hackers can also imitate people you know to trick you into downloading malware. For this reason, be sure to scan all links and downloads before you ever click on them, no matter who sends them.

Improve Your Cyber Hygiene

Cyber hygiene starts with password habits. Everyone is guilty of recycling old passwords for new accounts. But then a hacker discovers one password, and all accounts are at risk.

Read about creating memorable passwords, employ biometric authentication, or get a password manager. That’s all you need to solve the biggest password problem. Also, consider enabling two-factor authentication to prevent unauthorized access to your accounts.

What’s more, always encrypt and backup your files. There’s plenty of data-stealing malware out there. Ransomware is one of the harmful malware. You should always know that you have a backup even if your device suddenly becomes infected. And if you encrypt your data (including backups), hackers can’t use your files against you.

The Bottom Line

This month, the latest threat may be WolfRAT Android malware. Who knows what’s going to be next month? Take care of your safety and privacy both on your Android phone and all your other devices. Start by using the strategies and tools presented in this article.