An Android malware called “Daam” has been found to be spreading, infecting mobile phones and gaining access to sensitive data such as call records, contacts, history and camera, according to the National Cyber Security Agency in its latest advisory.
The virus is also capable of “bypassing antivirus programs and deploying ransomware on the targeted devices,” according to the Indian Computer Emergency Response Team, or CERT-In.
The agency is the federal technology arm tasked with combating cyber attacks and guarding cyberspace against phishing, hacking and similar online attacks.
The Android botnet is distributed through third-party websites or applications downloaded from untrusted or unknown sources, the agency said.
“Once the malware is installed on the device, it tries to bypass the device’s security check and, after a successful attempt, it attempts to steal sensitive data and permissions like reading history and bookmarks, canceling background processing and reading call logs, etc.,” it said in the report.
“Daam” is also able to hack phone call records and contacts, gain access to the camera, change device passwords, capture screenshots, steal SMS, download/upload files, etc., and transfer the data from the victim’s device to the C2 (command and control) server, the notice says.
The malware uses the AES (Advanced Encryption Standard) encryption algorithm to encrypt files on the victim’s device.
Other files are then deleted from the local storage, leaving only the encrypted files with the extension “.enc” and a ransom note, “readme_now.txt”, the advisory states.
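The traces described above (directories left holding only “.enc” files, plus “readme_now.txt”) can be checked for on a copy of a device's storage. The following is an added example, not code from the advisory or from CERT-In; it assumes “readme_now.txt” is the note's file name, and the function names, verdict labels and sample tree are constructed for illustration.

```python
import os
import tempfile

RANSOM_NOTE = "readme_now.txt"  # assumed to be the note's file name (string from the advisory)
ENC_SUFFIX = ".enc"             # extension given in the advisory

def triage_storage(root):
    """Summarise ransomware traces in a copy of device storage under root."""
    notes, enc_only_dirs = [], []
    enc_count = plain_count = 0
    for dirpath, _dirs, files in os.walk(root):
        enc_here = plain_here = 0
        for name in files:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                notes.append(os.path.join(dirpath, name))
            elif lower.endswith(ENC_SUFFIX):
                enc_here += 1
            else:
                plain_here += 1
        # Originals are deleted after encryption, so an affected
        # directory holds .enc files and nothing else.
        if enc_here and not plain_here:
            enc_only_dirs.append(os.path.relpath(dirpath, root))
        enc_count += enc_here
        plain_count += plain_here
    if notes and enc_only_dirs:
        verdict = "matches advisory pattern"
    elif notes or enc_only_dirs:
        verdict = "needs review"  # .enc alone is also used by legitimate apps
    else:
        verdict = "no traces"
    return {"verdict": verdict, "notes": notes,
            "enc_only_dirs": sorted(enc_only_dirs),
            "enc_files": enc_count, "plain_files": plain_count}

def build_sample(root, layout):
    """Create a constructed directory tree from {relative_path: bytes}."""
    for rel, data in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample, not real data
        build_sample(tmp, {"DCIM/a.jpg.enc": b"x", "DCIM/b.jpg.enc": b"x",
                           "readme_now.txt": b"constructed note",
                           "Download/app.apk": b"x"})
        print(triage_storage(tmp))
```

A “needs review” result is deliberate: either indicator on its own can have a benign explanation, so only the combination is reported as matching.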
The central agency recommended a set of precautions to prevent attacks by such viruses and malware.
CERT-In advised against browsing “untrustworthy websites” or clicking on “untrustworthy links.” It said caution should be exercised when clicking on links in unsolicited emails and text messages. Installing and maintaining updated anti-virus and anti-spyware software is recommended.
It was also recommended that users be on the lookout for “suspicious numbers” that don’t look like “real cell phone numbers”, as scammers often disguise their identities using email-to-text services to avoid revealing their real phone number.
“Genuine SMS messages received from banks typically include a Sender ID (consisting of the bank’s short name) instead of a phone number in the Sender Information field,” it said.
In addition, users were urged to exercise caution with shortened URLs (uniform resource locators), such as those with “bitly” and “tinyurl” hyperlinks like “http://bit.ly/”, “nbit.ly” and “tinyurl.com/”.
Users are advised to hover over shortened URLs to view the full website domain they lead to, or to use a URL checker that lets the user enter a short URL and view the full URL, the advisory said.