RambleOn Android Malware

2022-12-30 Inter Lab

https://interlab.or.kr/archives/2567

Interlab analyzed RambleOn, a malicious Android APK delivered to a South Korean journalist through an APT-style phishing approach. The attacker first contacted the journalist over WeChat about a sensitive topic, then pushed installation of a fake secure-messaging app called Fizzle Messenger. The app acted as a loader, performed device checks, dynamically loaded Dex payloads from pCloud or Yandex infrastructure, and used Firebase Cloud Messaging for command-and-control. Once installed, the malware could collect and leak contacts, SMS messages, call content, location data, and other sensitive information from the compromised device.

Indicators of Compromise

Type    Value     First Seen  Last Seen
DOMAIN  pushy.me  2022-12-30  2022-12-30
