India’s national cyber security agency CERT-In has issued an advisory about an Android malware named “Daam”. According to the agency, the malware is capable of “stealing sensitive data, bypassing antivirus programs and deploying ransomware on targeted devices”.
The malware arrives bundled in Android APK files that infect the target device, and it is distributed through channels such as third-party websites and applications downloaded from untrusted or unknown sources.
Once installed on the device, the malware bypasses the device’s security checks and steals sensitive data and permissions such as “reading history and bookmarks, killing background processing and reading call logs, etc.”
“It is capable of hacking call recording, contacts, gaining access to camera, modifying device password, capturing screenshots, stealing SMS, downloading/uploading files etc. and transmitting them from the victim’s device to the C2 server,” the advisory said.
“Daam” uses the AES encryption algorithm to encrypt files. After a successful run it deletes the original files from the device’s storage, leaving only the encrypted files with the “.enc” extension and a ransom note named “readme_now.txt”.
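The two artefacts the advisory names (the “.enc” extension and the “readme_now.txt” note) are the starting point for a defender’s triage of a suspected device backup or extracted storage image. The script below is an added example, not code from CERT-In or from this article; the function names and the entropy threshold are my own choices, and the sample file set is constructed inline. It combines the file-name indicators with an entropy check, because files produced by AES encryption look like uniformly random bytes, which separates a real encryption event from files that were merely renamed.

```python
import math
import os
import random
from collections import Counter

RANSOM_NOTE = "readme_now.txt"   # ransom note name reported in the CERT-In advisory
ENC_EXT = ".enc"                 # extension Daam appends to encrypted files

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: AES ciphertext sits near 8.0, ordinary text well below 6."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def assess_files(files: dict) -> dict:
    """files maps a relative path to its content; returns triage indicators."""
    paths = list(files)
    enc = [p for p in paths if p.lower().endswith(ENC_EXT)]
    note_present = any(os.path.basename(p).lower() == RANSOM_NOTE for p in paths)
    # 7.5 bits/byte is an assumed threshold; ciphertext of a few KB exceeds it comfortably.
    high_entropy = [p for p in enc if shannon_entropy(files[p]) > 7.5]
    enc_ratio = len(enc) / len(paths) if paths else 0.0
    # Flag a Daam-style event only when the signals agree: the note exists, at least
    # half the files carry .enc, and every .enc file actually looks like ciphertext.
    likely = bool(enc) and note_present and enc_ratio >= 0.5 and len(high_entropy) == len(enc)
    return {
        "enc_files": len(enc),
        "high_entropy_enc_files": len(high_entropy),
        "enc_ratio": round(enc_ratio, 2),
        "ransom_note": note_present,
        "likely_daam_style_encryption": likely,
    }

# Constructed sample, not real malware artefacts: seeded random bytes stand in for
# AES output on two files, plus the ransom note and one untouched text file.
_rng = random.Random(1)
SAMPLE = {
    "DCIM/photo1.jpg.enc": bytes(_rng.randrange(256) for _ in range(4096)),
    "Documents/notes.docx.enc": bytes(_rng.randrange(256) for _ in range(4096)),
    "Documents/readme_now.txt": b"Your files are encrypted...",
    "Download/leftover.txt": b"plain text " * 100,
}

if __name__ == "__main__":
    print(assess_files(SAMPLE))
```

Run it against a file map built from an extracted storage image; a directory of renamed-but-readable files will not trip the entropy condition, so the result stays False there.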
Best Practices and Recommendations
CERT-In has advised some best practices and recommendations to avoid being targeted by the malware. It advised limiting download sources to official app stores and reviewing “the app description, number of downloads, user reviews, comments and additional information section” before downloading.
It suggested verifying app permissions, granting only those permissions that an app needs in order to function, and not enabling the “Untrusted sources” option when installing side-loaded apps.
CERT-In advises users to do due diligence and research before “clicking on links provided in messages or emails” and to click only on links where the website domain is clearly visible.
The advisory states that authentic SMS from banks generally carry a Sender ID, an abbreviated name of the bank rather than a phone number. Further, it has recommended that customers “immediately report any unusual activity in their account with relevant details to the concerned bank for further appropriate action”.
CERT-In has asked users to be careful with shortened URLs such as bit.ly and TinyURL. It advised the use of a “URL checker”, which lets the user enter a shortened URL and view the full URL it resolves to.
Meanwhile, India witnessed an 18 per cent increase in weekly cyber attacks during the first quarter (Q1) of 2023, with each organization facing an average of 2,108 attacks per week, a new report said.
Daam malware infecting Android devices, hacking sensitive information: CERT-In issues advisory. This article first appeared on Techlusive.