Daam Android Malware Can Record Calls, Steal Sensitive Data: Government Issues Warning

Daam is an Android malware that can bypass antivirus programs and steal confidential data. It can also act as ransomware.

Highlights
  • Daam is distributed through Android APK files from untrusted sources and third-party websites to infect the device.
  • It can read call logs, reading history, and bookmarks, access contacts and phone cameras, and modify device passwords, among other damage.
  • It deletes locally stored files and leaves encrypted files along with a ransom note.

One of the major reasons people love Android devices is the freedom they offer, like the ability to install apps and games from anywhere. While this is exciting for users, it also puts them at risk of a malware attack. The Indian cyber security agency CERT-IN has issued an advisory about one such new malware called Daam. This malware can not only steal your important and confidential data but can also act as ransomware. Read on to know more and what you can do to be safe.

Daam Android Malware: What Does it Do?

The CERT-IN advisory says Daam malware has been found spreading across many Android devices. Applications downloaded from untrusted sources and third-party websites are being used to distribute the malware. It is reportedly communicating via Android APK files with the goal of infecting the device. The worst part is that it can even bypass antivirus programs and eventually deploy ransomware on affected devices.

The first thing that Daam does once it reaches a device is attempt to bypass security checks. If successful, its next step is to steal all the data stored on the device. This can include reading history, call logs, and bookmarks, stealing SMSes, downloading/uploading files, and even modifying device passwords. It can also kill background processes, record calls, capture screenshots, and access the device’s camera.


When it comes to recording calls, it can do so for both normal phone calls and VoIP calls. Daam then transmits all of the stolen data from the victim’s device to the C2 server. As if all this were not bad enough, it has also been found to have ransomware capabilities. It can encrypt files on the device using the AES encryption algorithm and delete all other locally stored files. All encrypted files have a “.enc” extension, and there is also a ransom note file titled “readme_now.txt”.
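
A triage check for the two ransomware artifacts named above, run against a copy of device storage on a workstation. This is an added example, not code from the CERT-IN advisory; the entropy threshold, the function names and the sample files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

RANSOM_NOTE = "readme_now.txt"  # ransom note name reported in the article
ENC_SUFFIX = ".enc"             # extension reported for encrypted files
ENTROPY_THRESHOLD = 7.0         # assumed cut-off in bits/byte, not from the advisory

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; AES ciphertext sits close to 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def triage(root: str, sample_size: int = 65536) -> dict:
    """Walk a storage copy and sort files by the indicators they match."""
    findings = {"ransom_notes": [], "likely_encrypted": [], "enc_low_entropy": []}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        name = path.name.lower()
        if name == RANSOM_NOTE:
            findings["ransom_notes"].append(str(path))
        elif name.endswith(ENC_SUFFIX):
            try:
                with path.open("rb") as fh:
                    sample = fh.read(sample_size)
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            high = shannon_entropy(sample) >= ENTROPY_THRESHOLD
            findings["likely_encrypted" if high else "enc_low_entropy"].append(str(path))
    return findings

def build_sample_tree() -> str:
    """Constructed sample data standing in for a copy of device storage."""
    root = Path(tempfile.mkdtemp(prefix="daam_triage_"))
    (root / "DCIM").mkdir()
    (root / "DCIM" / "photo1.jpg.enc").write_bytes(os.urandom(4096))  # mimics ciphertext
    (root / "notes.enc").write_bytes(b"plain text " * 400)  # benign file ending in .enc
    (root / "readme_now.txt").write_text("constructed placeholder note\n")
    return str(root)

if __name__ == "__main__":
    for category, paths in triage(build_sample_tree()).items():
        print(category, paths)
```

Files of only a few hundred bytes cannot reach the threshold even when encrypted, so entries under `enc_low_entropy` still need a manual look.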

How to be Safe from Daam Android Malware?

The advisory goes on to mention a number of steps that Android users can follow to be safe from Daam malware. Here is a quick rundown of these steps that you should remember:

  • Install Android apps and games from the Google Play Store or the app store provided by your device’s brand like Oppo, Samsung, Xiaomi, etc.
  • Check user reviews and ratings before downloading any new app/game.
  • Install Android security updates/patches as soon as possible.
  • Do not click on unknown/untrusted website links shared via SMS/emails/DMs and do not visit such websites.
  • Only click on URLs that clearly indicate the website domain. When in doubt, users can search for the organisation’s website directly using search engines to ensure that the websites they visited are legitimate.
  • Avoid clicking short URLs (bit.ly or tinyurl) directly. Use URL checkers to check the full URL or utilize the shortening service preview feature to preview the short URL’s content.
  • Keep your antivirus software updated.
  • Consider using Safe Browsing tools, filtering tools (antivirus and content-based filtering) in your antivirus, firewall, and filtering services.
  • Look for the valid encryption certificate (green lock in the browser address bar) before sharing any sensitive details with any website.
  • Immediately report any unusual activity in your account with the bank via customer support channels.