Cybersecurity researchers at CheckPoint identified Rafel RAT, an open-source tool that enables remote administration for malicious activities on Android devices. It was discovered that around 120 malicious campaigns targeting high-profile organizations globally were using Rafel. Frequently targeted were those with outdated Android versions, such as Samsung, Google, and Xiaomi devices, which became victims. The malware appears just like one of the real apps.