An Android malware called Daam that infects mobile phones and hacks into sensitive data like call records, contacts, history and camera is spreading, the national cyber security agency has said.
The virus is capable of “bypassing anti-virus programmes and deploying ransomware on the targeted devices”, the Indian Computer Emergency Response Team or CERT-In said. The agency is the federal arm to combat cyber attacks and guard the cyber space against phishing and hacking assaults.
The Android botnet gets distributed through third-party websites or applications downloaded from untrusted/unknown sources, the agency said. “Once it is placed in the device, the malware tries to bypass the security check of the device and after a successful attempt, it attempts to steal sensitive data, and permissions such as reading history and bookmarks, killing background processing, and reading call logs,” the advisory said.
Daam is also capable of hacking phone call recordings and contacts, gaining access to the camera, modifying device passwords, capturing screenshots, stealing SMSes and downloading/uploading files.
It transmits this data to the C2 (command-and-control) server from the victim’s (affected person’s) device. The malware, it said, utilises the AES (advanced encryption standard) algorithm to encrypt files on the victim’s device.
Other files are then deleted from the local storage, leaving only the encrypted files with the “.enc” extension and a ransom note named “readme_now.txt”, the advisory said. The central agency suggested do’s and don’ts to avoid getting attacked by such viruses and malware.
CERT-In advised against browsing “un-trusted websites” or clicking on “un-trusted links”. Caution should be exercised while clicking on any link provided in unsolicited emails and SMSes, it said. Install and maintain updated anti-virus and anti-spyware software, it said. It also asked users to exercise caution towards shortened URLs (uniform resource locators), such as those involving bitly and tinyurl hyperlinks like “http://bit.ly/”, “bit.ly” and “tinyurl.com/”.
(With agency inputs)
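The on-disk end state described in the advisory (a folder left with only “.enc” files and a “readme_now.txt” note) can be checked for in a file listing pulled from a device. The following is an added example, not part of the advisory or of this report; the sample listing, its paths and the verdict labels are constructed for illustration.

```python
from collections import defaultdict
from pathlib import PurePosixPath

RANSOM_NOTE = "readme_now.txt"  # ransom note name given in the advisory
ENC_SUFFIX = ".enc"             # encrypted-file extension given in the advisory

# Constructed sample: recursive listing of shared storage, one path per line.
SAMPLE_LISTING = """\
/sdcard/DCIM/Camera/IMG_0001.jpg.enc
/sdcard/DCIM/Camera/IMG_0002.jpg.enc
/sdcard/DCIM/Camera/readme_now.txt
/sdcard/Documents/readme_now.txt
/sdcard/Documents/report.docx
/sdcard/Download/invoice.pdf.enc
/sdcard/Download/setup.apk
/sdcard/Music/track01.mp3
/sdcard/Notes/backup.enc
"""

def triage(listing: str) -> dict[str, str]:
    """Classify each directory in the listing by the advisory's indicators."""
    by_dir: dict[str, list[str]] = defaultdict(list)
    for line in listing.splitlines():
        line = line.strip()
        if not line:
            continue
        path = PurePosixPath(line)
        # Compare names case-insensitively, as shared storage usually is.
        by_dir[str(path.parent)].append(path.name.lower())

    verdicts = {}
    for directory, names in sorted(by_dir.items()):
        has_note = RANSOM_NOTE in names
        enc = [n for n in names if n.endswith(ENC_SUFFIX)]
        plain = [n for n in names if n != RANSOM_NOTE and not n.endswith(ENC_SUFFIX)]
        if has_note and enc and not plain:
            verdicts[directory] = "encrypted"     # matches the described end state
        elif has_note:
            verdicts[directory] = "note-present"  # note found, plaintext files remain
        elif enc:
            verdicts[directory] = "enc-only"      # weak signal: other apps also use .enc
        else:
            verdicts[directory] = "clean"
    return verdicts

if __name__ == "__main__":
    for directory, verdict in triage(SAMPLE_LISTING).items():
        print(f"{verdict:13} {directory}")
```

A folder marked “enc-only” is not evidence of infection by itself and needs a manual look before any conclusion is drawn.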