Connect with us

Cyber Crime

Beware of DogeRAT: India’s Android Users at Risk from Sneaky Malware!



Beware of DogeRAT: India's Android Users at Risk from Sneaky Malware!

Android users in India are falling victim to a dangerous malware known as DogeRAT, which has been infiltrating devices to gain unauthorized access to sensitive data, including contacts, messages, and even banking credentials. This startling revelation comes as various government bodies, including sensitive defense units, have recently been targeted by cybercriminal groups aiming to pilfer crucial information.

Deceptive Dissemination on Popular Platforms

According to a government security advisory issued on August 24, this pernicious malware has been surreptitiously circulated by a cybercriminal group over the popular messaging platform Telegram. The criminals have camouflaged it as seemingly legitimate applications, including ChatGPT, the Opera Mini browser, premium versions of YouTube, and various other well-known apps and websites.

Malware’s Impact and Abilities

DogeRAT, identified as a Remote Access Trojan (RAT), was first brought to public attention by the cybersecurity startup, CloudSEK. This malicious software primarily targets Android users based in India. Once it infiltrates a victim’s device, it seizes control and begins a rampage through sensitive data, potentially enabling hackers to send spam, initiate unauthorized transactions, tamper with files, capture photos, record keystrokes, track the user’s location, and even record audio.

ALSO READ: Step By Step Guide: How To File Cybercrime Complaint Online In India

Telegram-Based Dissemination

While the exact origin of this threat remains unknown, the advisory highlights that the cybercriminals behind it used Telegram to distribute fake versions of popular apps, such as ChatGPT, Instagram, Opera Mini, and YouTube, in a recent incident. This underlines the need for heightened vigilance when downloading applications from unverified sources.

Government’s Response and Precautionary Measures

In response to this alarming situation, the Defense Ministry has issued a directive to its departments and officials, urging them to refrain from downloading apps from unverified third-party platforms and clicking on links from unknown senders. Additionally, they are advised to keep their smartphones updated with the latest software and security patches and to install a reputable antivirus application.

ALSO READ: Here Is How You Can Protect Your Instagram Account From Phishing Attacks: 6 Tips To Know

The Global Reach of DogeRAT

CloudSEK, the cybersecurity startup that first raised concerns about DogeRAT, revealed that this open-source Android malware, based on Java, is not limited to India. It targets customers across various industries, with a significant focus on banking and entertainment sectors. The startup stressed that while the initial campaign primarily targeted Indian users, it is designed to have a global impact.

Capabilities of DogeRAT

DogeRAT’s capabilities are indeed formidable, as it can take full control of the infected device. This enables it to send malicious spam messages, make unauthorized payments, manipulate files, remotely capture photos using the device’s cameras, track its location, and record audio. The advisory underscores the seriousness of this threat.

Advisory for Safe Practices

To protect themselves from this malicious malware, the advisory urges users not to install apps from unknown third-party app stores. Instead, they should rely on official app stores provided by Google, Apple, or Windows. Additionally, users are cautioned never to click on emails sent by unknown senders.

ALSO READ: Deepfake Nightmare: Sextortionists Resort To Morphed Dead Videos Of Girls For Higher Ransom

Government Employees Encouraged to Comply

In light of these guidelines, government employees are strongly encouraged to adhere to these precautions and to disseminate them to other sections for strict compliance. This collective effort aims to minimize the risk of falling prey to DogeRAT and other cyber threats.

Ongoing Cybersecurity Concerns

This latest cybersecurity threat joins a growing list of concerns in India’s digital landscape. Recently, cyber attackers have targeted Indian users, including government bodies like the Unique Identification Authority of India (UIDAI) and the All India Institute of Medical Sciences (AIIMS). These attacks underscore the need for heightened vigilance and security measures in the ever-evolving digital world.

What Is DogeRAT & How It Works:

  • DogeRAT is an open-source Android Remote Access Trojan (RAT), distributed disguised as a legitimate mobile application such as a game, productivity tool, or entertainment app like Netflix, YouTube, etc., through social media and messaging platforms.

  • Once installed on a victim’s device, the malware gains unauthorized access and starts collecting sensitive information, including contacts, messages, and banking credentials.

  • The malware can also take control of the compromised device, allowing threat actors to perform various malicious actions such as sending spam messages, making unauthorized payments, modifying files, and even capturing photos through the device’s cameras.

  • DogeRAT communicates with a Command and Control (C2) panel through a Telegram Bot, which serves as the interface for the threat actors to control and manage the infected devices.

  • The RAT uses a Java-based server-side code written in NodeJs to establish communication between the malware and the Telegram Bot.

  • The malware author advertises DogeRAT through Telegram Channels, offering a premium version with additional capabilities like taking screenshots, stealing images, functioning as a keylogger, and having enhanced persistence and smoother connections with the infected devices.

  • The malware employs a web view within the application to display the URL of the targeted entity, creating a sense of legitimacy.

  • DogeRAT requires various permissions upon installation, including access to call logs, audio recording, and reading SMS messages, media, and photos.

  • The RAT leverages a combination of open-source technologies, including Telegram Bot and a free NodeJs application hosting platform, making it easily accessible for threat actors to launch scam campaigns.

ALSO READ: Search All India Police Station Phone Numbers & Mail ID Through This Search Engine

To protect yourself from this threat, CloudSEK recommends the following tips:

  • Be careful about what links you click on and what attachments you open. If you receive a link or attachment from someone you don’t know, don’t click on it or open it.

  • Keep your software up to date. Software updates often include security patches that can help protect your device from malware.

  • Use a security solution. A good security solution can help protect your device from malware and other threats.

  • Be aware of the signs of a scam. Scammers often use techniques such as urgency, fear, and greed to trick victims. If you are ever unsure about a message or offer, it is best to err on the side of caution and not click on any links or open any attachments.

  • Educate yourself about malware. The more you know about malware, the better equipped you will be to spot it and protect yourself from it. There are many resources available online that can help you learn more about malware.

Follow on

 Telegram | Facebook | Twitter | LinkedIn | Instagram | YouTube

Continue Reading