It has been barely two days since we reported on the Daam Android malware, which spreads through apps downloaded from untrusted sources to steal important and confidential data from Android users. Now CloudSEK, a contextual AI company, has warned about DogeRAT (Remote Access Trojan), a new open-source Android malware advertised on Telegram. The malware, disguised as popular apps like Netflix, is being promoted on Telegram by its creator. Read on to learn what DogeRAT is and how to protect yourself.
CloudSEK Warns Indian Users of DogeRAT Malware
CloudSEK’s TRIAD team was investigating a different SMS stealer scam campaign when they came across the open-source Android malware DogeRAT (Remote Access Trojan). The malware, which targets a wide range of customers across multiple industries, including banking and entertainment, is disguised as a legitimate app.
The perpetrators spread infected apps through social media platforms and messaging apps like Telegram. The malware is targeting Indian users primarily, but CloudSEK warns that it has the potential to reach a global level.
Telegram is the hub for downloading modded APKs of paid versions of popular apps like YouTube Premium, Netflix Premium, and more for Android users. According to the report, the creator of DogeRAT is advertising the malware in two Telegram channels. In addition, the creator posted a detailed RAT tutorial and listed features on a dedicated GitHub repository.
What is DogeRAT?
DogeRAT is a Java-based Android RAT that uses simple server-side code written in Node.js. The RAT interacts with the infected smartphone over a WebSocket connection. According to the list posted by the creator, DogeRAT can read notifications, send bogus notifications, retrieve SIM info, access the device location, send SMS from infected devices, read contacts, list all installed apps, take pictures with the front and back cameras, log keystrokes, modify files, and more.
The creator is also offering a DogeRAT premium subscription on Telegram, which offers additional features like taking screenshots, stealing media files from the gallery, accessing clipboard data, and a file manager. Needless to say, DogeRAT is quite dangerous and wreaks havoc on infected smartphones.
How Does DogeRAT Work?
As mentioned, the RAT is distributed as APKs of popular banking, gaming, and entertainment apps. Upon the initial launch, the fake app requests multiple critical permissions. These include access to call logs, the microphone, notifications, and contacts, as well as the ability to send and view messages, among others. Once granted, these permissions give the attacker complete access to the infected device.
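As an added example (not from CloudSEK's report or this article's source), the Python script below triages a decoded AndroidManifest.xml, such as one produced by apktool, for the permission combination described above. The mapping to Android permission names, the sample manifests, the package names, and the threshold of three matching groups are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Assumed mapping of the permission groups named in the article to Android names.
RISKY = {
    "call logs": {P + "READ_CALL_LOG"},
    "microphone": {P + "RECORD_AUDIO"},
    "contacts": {P + "READ_CONTACTS"},
    "send/view messages": {P + "SEND_SMS", P + "READ_SMS", P + "RECEIVE_SMS"},
}
NOTIF_BIND = P + "BIND_NOTIFICATION_LISTENER_SERVICE"

# Constructed sample manifests (hypothetical packages), not taken from real samples.
SAMPLE_FAKE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.streaming.premium">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application><service android:name=".NotifService"
      android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""
SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.player">
  <uses-permission android:name="android.permission.INTERNET"/></manifest>"""


def triage_manifest(manifest_xml, threshold=3):
    """Return (package, matched risk groups, flagged?) for a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID + "name") for el in root.iter("uses-permission")}
    matched = [group for group, perms in RISKY.items() if perms & requested]
    # Notification access is not a uses-permission entry: it appears as a
    # service guarded by BIND_NOTIFICATION_LISTENER_SERVICE.
    if any(s.get(ANDROID + "permission") == NOTIF_BIND for s in root.iter("service")):
        matched.append("notification access")
    # Flag only when several groups co-occur (threshold is an assumption).
    return root.get("package"), sorted(matched), len(matched) >= threshold


if __name__ == "__main__":
    for sample in (SAMPLE_FAKE, SAMPLE_BENIGN):
        print(triage_manifest(sample))
```

A flag here is a prompt for closer review of a sideloaded APK, not a verdict: legitimate messaging or dialer apps request the same groups, so the app's claimed purpose matters.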
Which Apps Are Being Targeted by DogeRAT?
CloudSEK mentions that over a thousand fake apps carrying DogeRAT are circulating online, and several popular apps are among those being impersonated. Users should be wary of downloading APKs of banking, gaming, and entertainment apps. Below is the list of common apps posted by the company.
- YouTube Premium
- Netflix Premium
- Facebook Lite
- Instagram Pro
- Opera Mini
- ChatGPT
- Android VulnScan
How to Protect Your Device from DogeRAT?
The simple rule to prevent falling prey to DogeRAT is to avoid downloading APKs. Sticking to the official apps listed on the Play Store or the official websites of these services is the best prevention. However, the AI company has mentioned several preventive measures, as listed below.
- Don’t click on any suspicious links or file attachments you receive on social media or messaging apps.
- Keep your Android device up to date with the latest software updates and security patches.
- Beware of scammers who use fear, a sense of urgency, or greed to push you into downloading a file or clicking on a link.
- Use a good antivirus and malware protection from a reputable company (not an APK download from a third-party marketplace or untrusted sources).
- Stay updated with the latest malware and fraud developments to spot the miscreant instantly and stay safe.