The recently released advisory report by Indian Computer Emergency Response Team or CERT-In states that an Android malware named “Daam” infects mobile phones is spreading. This virus can access private information like call logs, contacts, history, and cameras. The CERT-In serves as the federal government’s technological defence arm against cyberattacks and safeguards against hacking, phishing, and similar-based online attacks.
The advisory stated that the virus is capable of “bypassing anti-virus programs and deploying ransomware on the targeted devices”. According to the CERT, the Android botnet is spread through third-party websites or apps downloaded from dubious or unknown sources.
The advisory states, “Once it is placed in the device, the malware tries to bypass the security check of the device, and after a successful attempt, it attempts to steal sensitive data and permissions such as reading history and bookmarks, killing background processing, and reading call logs etc”.
As per the advisory, ‘Daam’ is also capable of hacking its victim’s mobile data such as contacts, phone call recordings and contacts. The advisory said that the malware could easily access the camera and modify passwords, capture screenshots, steal SMSes, download/upload files, etc. The virus ables C2 (command-and-control) server to transfer data from the victim’s device. As per Trend Micro, a C2 (command-and-control) server is “a computer-controlled by an attacker or cybercriminal which is used to send commands to systems compromised by malware and receive stolen data from a target network”.
According to the advisory, the Advanced Encryption Standard (AES) encryption algorithm is used by the malware to code files on the victim’s device. In the device, the malware wipes out other filed from the local storage and leaves encrypted files with the ‘.enc’ extension and a ransom note that states’ readme_now.txt’.
The central agency offered several do’s and don’ts to prevent being attacked by such viruses and malware.
Avoid visiting “untrusted websites” or clicking on “untrusted links,” the Cert-In recommended. It advised exercising caution when clicking on any links in unsolicited emails and SMSes. It suggested using and maintaining up-to-date anti-virus and anti-spyware software.
Additionally, it advised users to be on the watch for “suspicious numbers” that don’t resemble “real mobile phone numbers,” as scammers frequently use email-to-text services to conceal their identities in order to avoid disclosing their actual phone numbers. It stated, “Genuine SMS messages received from banks usually contain sender ID (consisting of bank’s short name) instead of a phone number in the sender information field”.
It also urged users to use caution when accessing URLs (uniform resource locators) that have been shortened using ‘bitly’ and ‘tinyurl’ hyperlinks, such as ‘http://bit.ly/’, ‘nbit.ly’ and ‘tinyurl.com/’.
The advisory encouraged users to use a URL checker that would allow them to enter a short URL and read the full URL, or they can hover their cursors over the shortened URLs to see the entire website domain they are visiting.
Attacks by malware are not new. Cybercriminals frequently target individuals and install malware on their smartphones, laptops, or desktop computers in order to steal personal data. The information is then utilised to start other malicious actions or sold later on the black market.
According to a recent study by Trend Micro, the Lemon Group, a cybercrime organisation, is suspected of installing the virus’ Guerrilla’ on approximately 9 million (8.9 million, to be exact) Android smartphones globally. Apart from smartphones, Android-based devices, such as smartphones, watches, TVs, and TV boxes, are also infected by this malware.
Their blog post mentioned that the top 10 nations affected by ‘Guerrilla’ malware are the US, Mexico, Indonesia, Thailand, Russia, South Africa, India, Angola, Philippines, and Argentina. It reads, “Through our monitoring, we have detected over 490,000 mobile numbers used for OTP requests of Lemon SMS and, later, Durian SMS service. The customers of Lemon SMS PVA generate OTPs from platforms like JingDong, WhatsApp, Facebook, QQ, Line, and Tinder, among other applications”.
