Iranian hacking group AppMilad has been distributing the Android spyware RatMilad in a new attack campaign targeted at enterprise users, according to SecurityWeek.
RatMilad, which features file manipulation, audio recording, and app permission modification capabilities, has been spread by AppMilad through the VPN and phone number spoofing app Text Me, as well as the Text Me variant NumRent, a Zimperium report showed. AppMilad also created a website to promote the apps in an effort to establish legitimacy. The report also found that a Telegram post by AppMilad linking to the malicious app has been viewed more than 4,000 times and shared more than 200 times, but the extent of infections remains inconclusive. "Though this is not like other widespread attacks we have seen in the news, the RatMilad spyware and the Iranian-based hacker group AppMilad represent a changing environment impacting mobile device security," said Zimperium Director of Mobile Threat Intelligence Richard Mellick.
Kaspersky tells SC Media that the cybersecurity firm is unaware of victims outside the company and is not attributing the activity to a government or other actor.
The European Union Agency for Cybersecurity (ENISA) has published a report on potential cybersecurity threats for 2030, trying to anticipate future security risks based on current trends and expert opinions. While some of the less likely predictions may touch on science fiction, the top two anticipated threats are already with us today: software supply chain compromises and AI-enhanced disinformation campaigns.