DogeRAT malware targets Android users in India

A sophisticated malware campaign has recently been detected, targeting Android users primarily in India. The campaign involves a new open-source remote access trojan (RAT) named DogeRAT. This malware disguises itself as legitimate applications like Opera Mini, OpenAI ChatGPT, and premium versions of popular apps such as YouTube, Netflix, and Instagram. After being installed on a device, DogeRAT obtains unauthorized access to sensitive data, such as contacts, messages, and banking credentials. It also allows the attacker to take control of the infected device, enabling activities like sending spam messages, making unauthorized payments, modifying files, and even remotely capturing photos using the device's cameras.

The developer of DogeRAT promotes the malware through a Telegram channel, offering a premium subscription with additional features such as screenshot capture, image theft, clipboard content capture, and keystroke logging. The free version of DogeRAT has also been made available on GitHub, complete with screenshots and video tutorials showcasing its functionalities. The developer states that they do not endorse illegal or unethical use of the tool and puts the responsibility for its use on users. This malware campaign highlights the financial motives behind scammers who constantly evolve their tactics.

In addition to creating phishing websites, these scammers distribute modified RATs and repurpose malicious apps for low-cost, easily deployable scam campaigns that yield high profits.

In a related development, Mandiant, a cybersecurity firm owned by Google, has uncovered a new Android backdoor called LEMON JUICE. This backdoor allows remote control and access to compromised devices, with capabilities such as location tracking, microphone recording, access to contact lists, call and SMS logs, and execution of commands from a command-and-control server.

Furthermore, Doctor Web, another cybersecurity company, has found over 100 apps on the Google Play Store containing a spyware component called SpinOk. These apps, collectively downloaded more than 421 million times, include a marketing software development kit (SDK) that collects sensitive information from devices and manipulates clipboard contents.

These findings highlight the ongoing need for Android users to remain vigilant about their device security. It is essential to avoid downloading apps from untrusted sources, regularly update software to protect against evolving malware threats, and exercise caution when granting permissions to applications.

© Copyright 2023. All Rights Reserved Powered by Vygr Media.