India’s national cybersecurity agency CERT-IN has issued an advisory against an Android malware named “Daam.” According to the agency, the malware is capable of “stealing sensitive data, bypassing antivirus programs and deploying ransomware on the targeted devices.”
The malware communicates with various Android APK files to infect the targeted device, and it is distributed through channels such as third-party websites and applications downloaded from untrusted or unknown sources.
Once it has been placed on the device, the malware bypasses the device’s security check and steals sensitive data and permissions such as “reading history and bookmarks, killing background processing, and reading call logs etc.”
“It is also capable of hacking call recording, contacts, gaining access to the camera, modifying device passwords, capturing screenshots, stealing SMS, downloading/uploading files, etc., and transmitting to the C2 server from the victim’s device,” the advisory said.
“Daam” uses the AES encryption algorithm to encrypt files. After a successful attempt, it deletes other files from the device’s storage, leaving only encrypted files with the “.enc” extension and a ransom note, “readme_now.txt”.
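The two file artefacts named above can be checked for on a copy of a device's shared storage. The following is an added example, not code from the advisory or from CERT-IN; it assumes the storage has already been copied to a local directory, and the function names, sample file names and the 0.5 ratio threshold are illustrative assumptions.

```python
import os
import tempfile
from pathlib import Path

RANSOM_NOTE = "readme_now.txt"  # ransom note name given in the advisory
ENC_SUFFIX = ".enc"             # encrypted-file extension given in the advisory
RATIO_THRESHOLD = 0.5           # assumption: share of .enc files worth a closer look

def triage(root):
    """Walk a copied storage tree and summarise Daam-style ransomware artefacts."""
    notes, enc, other = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = (Path(dirpath) / name).relative_to(root).as_posix()
            if name.lower() == RANSOM_NOTE:
                notes.append(rel)
            elif name.lower().endswith(ENC_SUFFIX):
                enc.append(rel)
            else:
                other.append(rel)
    total = len(enc) + len(other)
    ratio = len(enc) / total if total else 0.0
    # ".enc" alone is a generic extension, so the note and the ratio both matter.
    if notes and enc:
        verdict = "likely-encrypted"
    elif notes or ratio >= RATIO_THRESHOLD:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"notes": sorted(notes), "enc_files": sorted(enc),
            "enc_ratio": round(ratio, 2), "verdict": verdict}

def build_sample(root, names):
    """Create a constructed sample tree (file contents are placeholders)."""
    for rel in names:
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample")

def demo():
    """Run the triage on one affected-looking tree and one ordinary tree."""
    with tempfile.TemporaryDirectory() as d:
        build_sample(d, ["DCIM/a.jpg.enc", "Download/b.pdf.enc", "readme_now.txt"])
        hit = triage(d)
    with tempfile.TemporaryDirectory() as d:
        build_sample(d, ["DCIM/a.jpg", "Download/backup.enc", "Notes/c.txt"])
        miss = triage(d)
    return hit, miss

if __name__ == "__main__":
    for result in demo():
        print(result)
```
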
CERT-IN has recommended some best practices to avoid getting targeted by malware. It has advised limiting download sources to official app stores and, before downloading, to “review the app details, number of downloads, user reviews, comments and additional information section.”
It has suggested verifying app permissions and granting only those that are necessary for the app to function, and not checking the “Untrusted Sources” checkbox while installing side-loaded apps.
CERT-IN has recommended that users do their due diligence and research before “clicking on link provided in the messages or emails” and click only on links that have the website domain clearly mentioned on them.
The advisory said that an authentic SMS from a bank generally has a sender ID consisting of the bank’s short name instead of a phone number. In addition, it has recommended that customers “report any unusual activity in their account immediately to the respective bank with the relevant details for taking further appropriate actions.”
CERT-IN has asked users to exercise caution with shortened URLs, such as those from bit.ly and tinyurl. It has advised the use of a “URL checker that will allow the user to enter a short URL and view the full URL.”
Meanwhile, India witnessed an 18 per cent increase in weekly cyber attacks during the first quarter (Q1) of 2023, with each organisation facing an average of 2,108 attacks per week, according to a new report.
Author Name | Om Gupta