Experts have warned of a new dangerous Android malware spoofing legitimate apps as it tries to steal sensitive information from victim endpoints, researchers are saying.
Cybersecurity researchers from CloudSEK uncovered a variant known as DogeRAT (Remote Access Trojan). The malware has all sorts of capabilities, from accessing contacts and messages to exfiltrating banking credentials. It can also take over the compromised device, send spam, make payments, tweak files, and even use the device’s camera.
In order to infect the target, the malware pretends to be a legitimate app, such as a game, a productivity tool, or an entertainment app such as Netflix, or YouTube. Threat actors are advertising it through social media and messaging platforms, as such an .APK can’t be found on the Google Play Store.
The malware’s creators are advertising the tool via Telegram, the researchers further stated, adding that the developers are offering a premium version that can also grab screenshots, steal images, work as a keylogger, and more. It’s being sold for roughly $30, or 2,500 Indian Rupees. Besides the Telegram channel, the authors have also set up a GitHub page with the malware, a detailed explanation, and a video tutorial.
We don’t know how many devices are infected, but we do know that the malware won’t work without the user giving it extensive permissions. Those include access to call logs, audio recording, reading SMS messages, media, and photos.
To stay safe, CloudSEK reminds, users should always be mindful about the applications they’re downloading, and just because something’s on the Play Store, doesn’t necessarily mean it’s clean and legitimate. Threat actors often manage to infiltrate Google’s app repository, and sometimes add to the malware’s legitimacy through inflated scores and purchased fake reviews. Furthermore, one should be extra careful when downloading an .apk from a third-party source.