2023-05-30

Indian researchers uncover Android malware impersonating BFSI, e-com apps

Indian researchers have uncovered a sophisticated malware campaign known as DogeRAT (Remote Access Trojan), which is being carried out through the distribution of fake Android apps designed to look like legitimate apps, a new report showed on Tuesday.

According to contextual AI company CloudSEK, DogeRAT utilises open-source Android malware to steal sensitive information and compromise the security of victims’ devices, impacting various industries, particularly banking, financial services and insurance (BFSI), e-commerce, and entertainment.

DogeRAT is distributed via social media and messaging platforms, disguised as a legitimate mobile application such as a game, a productivity tool, or an entertainment app like Netflix or YouTube.

Once installed on a victim’s device, the malware gains unauthorised access and starts collecting sensitive information, including contacts, messages, and banking credentials.

“They are not just limited to creating phishing websites, but also distributing modified RATs or repurposing malicious apps to execute scam campaigns that are low-cost and easy to set up, yet yield high returns,” said Anshuman Das, threat intelligence researcher, CloudSEK.

Moreover, the report mentioned that the malware can also take control of the infected device, enabling malicious actions such as sending spam messages, making unauthorised payments, modifying files, and even remotely capturing photos through the device’s cameras.

The researchers also discovered that DogeRAT’s creator promotes it through Telegram channels, offering a premium version with additional capabilities such as screenshots, image theft, keylogging, and more.

The premium services are being sold for as little as Rs 2,500.

Further, the report suggested that users should avoid clicking on unknown links or attachments to protect themselves from this threat.

In addition, users should keep their software up to date and use a security solution.


