Government has a new malware warning for users

CERT-In has reported a new malware that is affecting Android devices. According to the government body, the Android malware, named Daam, is spreading and is capable of stealing sensitive data, bypassing antivirus programs, and deploying ransomware on the targeted devices.

What is Daam Android malware?
According to the official post, Daam malware is communicating with various Android APK files to infect the device. It is being distributed through third-party websites or applications downloaded from untrusted/unknown sources.

How does it affect Android devices?
As per the report, once an Android device is infected by Daam, the malware tries to bypass the device's security check. If that succeeds, it attempts to steal sensitive data and to obtain permissions such as reading history and bookmarks, killing background processes, and reading call logs, among others. It is also capable of hacking call recordings and contacts, gaining access to the camera, modifying device passwords, capturing screenshots, stealing SMS, and downloading/uploading files, among other things, and it transmits the data from the victim's device to the C2 (command-and-control) server.

It uses the AES encryption algorithm to encrypt files on the victim's device. It then deletes the other files from local storage, leaving behind the encrypted files with the .enc extension and a ransom note named readme now.txt.
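A triage check for the artifacts described above, run against a copy of a device's storage. This is an added example, not code from CERT-In or the article; the note name and extension are taken from the article as written, while the entropy threshold, function names and sample tree are assumptions.

```python
import math
import os
import tempfile
from collections import Counter

NOTE_NAME = "readme now.txt"   # ransom note name as written in the article
ENC_SUFFIX = ".enc"            # extension the article reports
ENTROPY_MIN = 7.5              # assumed threshold (bits/byte) for "looks encrypted"

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; AES ciphertext sits close to 8, text far below."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(root: str, sample_bytes: int = 65536) -> dict:
    """Walk a copy of device storage and report the artifacts described above."""
    report = {"ransom_notes": [], "encrypted_like": [],
              "enc_low_entropy": [], "other_files": 0}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                report["ransom_notes"].append(path)
            elif name.lower().endswith(ENC_SUFFIX):
                with open(path, "rb") as fh:
                    h = shannon_entropy(fh.read(sample_bytes))
                # A benign file that merely ends in .enc is kept apart.
                key = "encrypted_like" if h >= ENTROPY_MIN else "enc_low_entropy"
                report[key].append(path)
            else:
                report["other_files"] += 1
    # Both indicators together: a note plus at least one high-entropy .enc file.
    report["suspected"] = bool(report["ransom_notes"] and report["encrypted_like"])
    return report

def build_sample(root: str) -> None:
    """Constructed sample tree for the demo, not real malware output."""
    os.makedirs(os.path.join(root, "DCIM"))
    with open(os.path.join(root, "DCIM", "photo1.jpg.enc"), "wb") as fh:
        fh.write(os.urandom(8192))        # random bytes stand in for ciphertext
    with open(os.path.join(root, "DCIM", "notes.enc"), "wb") as fh:
        fh.write(b"plain text " * 500)    # .enc name, but not encrypted
    with open(os.path.join(root, NOTE_NAME), "w") as fh:
        fh.write("constructed placeholder note")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

A low count in `other_files` next to many `encrypted_like` entries is consistent with the deletion step described above.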

How to protect your device from this virus
The government body has listed a couple of guidelines for users that may help them prevent something like this from happening.

  • Limit your app downloads to official app stores like your device’s manufacturer or operating system app store to reduce the risk of downloading harmful apps.
  • Before downloading/installing apps on Android devices, review the app details, number of downloads, user reviews, comments, and additional information section.
  • Verify app permissions and grant only those permissions that are relevant to the app’s purpose.
  • Avoid checking the “Untrusted Sources” checkbox to install side-loaded apps.
  • Install Android updates and patches as soon as they become available from the device vendors.
  • Exercise caution while browsing untrusted websites or clicking on links in unsolicited emails and SMS messages.
  • Install and regularly update anti-virus and anti-spyware software on your device.
  • Watch out for suspicious numbers that don’t look like real mobile phone numbers, as scammers often mask their identity using email-to-text services.
  • Conduct thorough research before clicking on links provided in messages, using websites that allow you to search based on a phone number for relevant information.
  • Only click on URLs that clearly indicate the website domain, and if unsure, search for the organization’s website directly using search engines to ensure legitimacy.
  • Consider using safe browsing tools, antivirus software with filtering tools, and content-based filtering services to enhance your online safety.
  • Be cautious of shortened URLs, such as those using services like bit.ly and tinyurl. Hover over the shortened URL or use a URL checker to see the full website domain before visiting.
  • Look for valid encryption certificates indicated by a green lock in the browser’s address bar before providing sensitive information.
  • Report any unusual account activity immediately to the respective bank with relevant details for further action.
