Raphael: Powerful Trojan virus targets Android devices from well-known companies

Specialists from Check Point Research (CPR) have discovered that several cybercriminal groups have begun using a powerful Android Trojan called Rafel to attack smartphones from popular brands. Owners of Samsung, Xiaomi, Vivo, and Huawei devices are at risk.

According to the cyber threat analysis, Rafel acts as a powerful toolkit, providing attackers with remote management and control capabilities over the compromised devices. As a result of the attack, hackers can perform various malicious actions such as data theft and manipulation of the smartphone's behavior. Moreover, Rafel allows operators to completely wipe SD cards, delete call logs, intercept notifications, and even act as ransomware.

According to Check Point, around 120 different malicious campaigns using this Trojan have been identified. The geographical reach of these campaigns is impressive: among the targeted organizations were representatives from Russia, the USA, Australia, China, the Czech Republic, France, Germany, India, Indonesia, Italy, New Zealand, Pakistan, and Romania.

The majority of Rafel's victims used smartphones from Samsung, while the second-largest group consisted of users of Xiaomi, Vivo, and Huawei devices. At least 87.5% of the attacked devices were running outdated versions of Android, which no longer receive updates.