An open-source Android malware named 'Ratel RAT' is widely deployed by multiple cybercriminals to attack outdated devices, some aiming to lock them down with a ransomware module that demands payment on Telegram.
I think the moral of the story here is more along the lines of "don't install weird off-brand versions of apps from dodgy places" (F-Droid excepted, obviously).
Ratel RAT is spread via various means, but threat actors are typically seen abusing known brands like Instagram, WhatsApp, e-commerce platforms, or antivirus apps to trick people into downloading malicious APKs.
During installation, it requests access to risky permissions, including exemption from battery optimization, to be allowed to run in the background.
Yeah, that's a weird thing to do and then blame on a lack of updates.
"Make sure to extend your car's warranty! I mean, just look at what happened to this drunk driver's car."
I personally really dislike forced updates and how some people try and justify them with examples of people doing dumb shit like this where they literally sideload a sketchy APK and grant it all permissions. Why not promote tech literacy instead of blind confidence in updates that are almost never explained in any significant detail? It's honestly just so weird how superstitious it all seems.
There are some modded WhatsApp versions that add features that don't exist in the official version, like hiding the typing indicator for you while still being able to see the other person's, same with read markers, and so on. While I've never tried any myself, some of them seem to be legitimate.