An Android malware call as ‘Daam‘ that infects mobile phones and hacks into sensitive data like call records, contacts, history and camera has been found to be spreading, the national cyber security agency has said in its latest advisory.
This virus is also capable of “bypassing anti-virus programs and deploying ransomware on the targeted devices“, the Indian Computer Emergency Response Team or CERT-In said.
The CERT-In is the federal technology arm to combat cyber attacks and guard the cyber space against phishing and hacking assaults and similar online attacks.
The Android botnet gets distribute through third-party websites or applications download from untrust/unknown sources, the CERT-In said.
As per advisory :
“Once it is place in the device, the malware tries to bypass the security check of the device and after a successful attempt, it attempts to steal sensitive data, and permissions such as reading history and bookmarks, killing background processing, and reading call logs and many more”.
‘Daam‘ is also capable of hacking phone call recordings, contacts, gaining access to camera, modifying device passwords, capturing screenshots, stealing SMSes, downloading/uploading files and many more, also transmitting to the C2 (command-and-control) server from the victim’s or affected persons device, as per advisory.
The malware, advisory said, utilises the AES (advanced encryption standard) encryption algorithm to code files in the victim’s device.
Other files are then delete from the local storage, leaving only the encrypted files with “.enc” extension and a ransom note that says “readme_now.txt“, as per advisory.
CERT-In suggest a number of do’s and don’ts to avoid getting attack by such viruses and malware.
The Cert-In advise against browsing “un-trusted websites” or clicking on “un-trusted links“.
Caution should be exercise while clicking on any link provide in unsolicite emails and SMSes, CERT-In said.
Install and maintain updated anti-virus and anti-spyware software, CERT-In suggest.
It also suggest that users should be on the lookout for “suspicious numbers” that don’t look like “real mobile phone numbers” as scammers often mask their identity by using email-to-text services to avoid revealing their actual phone number.
As per CERT-In advisory :
“Genuine SMS messages receive from banks usually contain sender ID (consisting of bank’s short name) instead of a phone number in the sender information field,”.
Advisory also ask users to exercise caution towards shortened URLs (uniform resource locators), such as those involving ‘bitly‘ and ‘tinyurl‘ hyperlinks like: “http://bit.ly/” “nbit.ly” and “tinyurl.com/“.
Users are advise to hover their cursors over the shorten URLs to see the full website domain which they are visiting or use a URL checker that will allow the user to enter a short URL and view the full URL, as per advisory suggest.
