A sophisticated malware campaign dubbed DogeRAT has been observed impersonating Android apps in the banking, financial services and insurance (BFSI), e-commerce and entertainment sectors.
Discovered by security researchers at CloudSEK, this malicious campaign relies on open-source Android malware to compromise victims’ devices and extract sensitive information such as contacts, messages, and bank account details.
Upon installation, the malware requests various permissions, including access to call and audio recordings and the ability to read SMS messages, media, and photos.
These are then used to manipulate the device and perform malicious activities such as sending spam messages, making fraudulent payments, modifying files, and taking pictures with the camera without the user’s knowledge.
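The permission set described above is something a defender can check for in a decoded `AndroidManifest.xml` (for example, one produced by apktool) before an app is allowed onto managed devices. The following is an added example, not code from CloudSEK or the article; the mapping from the article's access types to Android permission names, the threshold of four groups, and the sample package names are all assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping: the article names kinds of access, not exact permissions.
CAPABILITIES = {
    "call data": {"android.permission.READ_CALL_LOG"},
    "audio recording": {"android.permission.RECORD_AUDIO"},
    "sms": {"android.permission.READ_SMS", "android.permission.SEND_SMS",
            "android.permission.RECEIVE_SMS"},
    "media and photos": {"android.permission.READ_EXTERNAL_STORAGE",
                         "android.permission.READ_MEDIA_IMAGES"},
    "camera": {"android.permission.CAMERA"},
}

def requested_permissions(manifest_xml):
    """Return the permission names declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def triage(manifest_xml, threshold=4):
    """Flag a manifest that requests `threshold` or more capability groups."""
    perms = requested_permissions(manifest_xml)
    hits = {cap: sorted(perms & wanted)
            for cap, wanted in CAPABILITIES.items() if perms & wanted}
    package = ET.fromstring(manifest_xml).get("package")
    return {"package": package, "capabilities": hits,
            "suspicious": len(hits) >= threshold}

def _manifest(package, permissions):
    """Build a constructed sample manifest for the demonstration below."""
    uses = "".join(f'<uses-permission android:name="{p}"/>' for p in permissions)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}</manifest>')

# Constructed samples, not taken from any real app.
SAMPLE_FLAGGED = _manifest("com.example.fakebank", [
    "android.permission.INTERNET", "android.permission.READ_SMS",
    "android.permission.READ_CALL_LOG", "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA", "android.permission.READ_EXTERNAL_STORAGE"])
SAMPLE_CLEAN = _manifest("com.example.scanner", [
    "android.permission.INTERNET", "android.permission.CAMERA"])

if __name__ == "__main__":
    for sample in (SAMPLE_FLAGGED, SAMPLE_CLEAN):
        print(triage(sample))
```

A flagged result is a prompt for manual review, since legitimate apps can also request several of these permissions.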
CloudSEK threat intelligence researcher Anshuman Das explained, “This campaign is a stark reminder of the financial motivation of the scammers to continually evolve their tactics.”
“They are not limited to creating phishing websites, but also distributing modified RATs and reusing malicious apps to run low-cost, easy-to-set-up yet highly lucrative fraudulent campaigns.”
DogeRAT is promoted through Telegram channels by its creators, where a premium version of the malware is offered for around $30 with additional features such as taking screenshots, stealing images, and functioning as a keylogger.
The developer of this malware has also created a GitHub repository to host it with video tutorials and a comprehensive list of features.
DogeRAT is Java-based and uses server-side code written in Node.js to enable communication between the malware and the Telegram bot.
It then uses a web view to display the URL of the targeted entity to make the app look more legitimate.
To guard against this risk, experts recommend being careful when clicking links and opening attachments, updating your software regularly, using security solutions, being aware of common scam indicators, and educating yourself about malware.
The CloudSEK advisory came just days after ESET security researchers revealed another trojanized Android app that had been installed thousands of times.