2023-05-30

DogeRAT utilises open-source Android malware to steal sensitive information including contacts, messages, banking credentials, etc. and compromise the security of the victims' devices.

A concerning new malware campaign has been detected, spreading through the circulation of deceptive apps disguised as popular platforms like YouTube, Netflix, Instagram, Opera Mini, and others. Researchers from cybersecurity firm CloudSEK have identified the campaign as DogeRAT (Remote Access Trojan), which employs open-source Android malware to pilfer sensitive information, including contacts, messages, and banking credentials, thus compromising the security of victims' devices.

In a statement, CloudSEK explained that DogeRAT can also gain control over infected devices, enabling malicious activities such as sending spam messages, unauthorised payments, file modifications, and even remote capture of photos through the device's cameras.

The malware is primarily distributed by malicious actors via links shared on social media platforms, either through direct messages or spam comments on posts, as well as through messaging platforms.

CloudSEK also found that a premium version of DogeRAT is being advertised through Telegram channels, offering capabilities such as taking screenshots, stealing images, acting as a keylogger, and more for as little as Rs 2,500.

Screenshot of the Telegram advertisement offering the premium version of DogeRAT. (Source: CloudSEK)

“The malware's author has also created a GitHub repository that hosts the RAT, complete with a video tutorial and a comprehensive list of features and capabilities,” CloudSEK added.

According to Anshuman Das, threat intelligence researcher at CloudSEK, scammers are no longer limited to creating phishing websites; they are also distributing modified RATs or repurposing malicious apps to run scam campaigns that are low-cost and easy to set up, yet yield high returns.

“This campaign is a stark reminder of the financial motivation driving scammers to continually evolve their tactics. We have found that threat actors are creating fake banking, e-commerce and entertainment apps to dupe people,” he said.

How does the malware work?

DogeRAT communicates with a Command and Control (C2) panel through a Telegram Bot, which serves as the interface for the threat actors to control and manage the infected devices.

The RAT uses a Java-based server-side code written in NodeJs to establish communication between the malware and the Telegram bot.

The malware loads the website of the targeted brand in a web view inside the application, so the victim sees a legitimate-looking page and is less likely to suspect the app.

DogeRAT requires various permissions upon installation — like most legitimate apps — including access to call logs, audio recording, and reading SMS messages, media, and photos.

Screenshots of the permissions requested by the malware. (Source: CloudSEK)

The RAT leverages a combination of open-source technologies, making it easily accessible for threat actors to launch scam campaigns.
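The two traits described above, a lookalike of a popular app that asks for the full set of surveillance permissions, can be turned into a simple triage check for sideloaded APKs. The following is an added example written for this article, not code from CloudSEK or the DogeRAT repository; the permission-name mapping, the official package names and the sample manifest are all assumptions constructed for illustration.

```python
"""Triage heuristic for a decoded AndroidManifest.xml, based on the DogeRAT
traits the article lists: impersonation of a popular app plus requests for
call logs, audio recording, SMS, media/photos and camera access."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions the article says the RAT asks for, mapped to their Android
# manifest names (assumption: this mapping is ours, not from the report).
SURVEILLANCE_PERMS = {
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.RECORD_AUDIO": "audio recording",
    "android.permission.READ_SMS": "reading SMS",
    "android.permission.READ_EXTERNAL_STORAGE": "media and photos",
    "android.permission.CAMERA": "camera",
}

# Brands the campaign impersonates and their official package names
# (assumption: verify these against the Play Store before relying on them).
OFFICIAL_PACKAGES = {
    "youtube": "com.google.android.youtube",
    "netflix": "com.netflix.mediaclient",
    "instagram": "com.instagram.android",
    "opera mini": "com.opera.mini.native",
}

def triage_manifest(manifest_xml: str) -> dict:
    """Return findings for one manifest: requested surveillance permissions,
    which brand (if any) the app label impersonates, and an overall verdict."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    app = root.find("application")
    label = (app.get(ANDROID_NS + "label", "") if app is not None else "").lower()
    requested = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    hits = sorted(SURVEILLANCE_PERMS[p] for p in requested & set(SURVEILLANCE_PERMS))
    # A brand name in the label with a non-official package is the lookalike pattern.
    impersonated = next((b for b in OFFICIAL_PACKAGES
                         if b in label and package != OFFICIAL_PACKAGES[b]), None)
    return {"package": package, "surveillance_permissions": hits,
            "impersonates": impersonated,
            "suspicious": impersonated is not None and len(hits) >= 3}

# Constructed manifest resembling a lookalike "YouTube" app (not a real sample).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.video.player">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <application android:label="YouTube"/>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

The manifest can be pulled from an APK with a decoder such as apktool; the heuristic is a triage aid, not a verdict, since a legitimate app can also request several of these permissions.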

Here is what you can do to keep your data and device safe

Be careful about which links you click on and which attachments you open. If you receive a link or attachment from someone you don't know, don't click on it or open it. Only download apps from the Google Play Store on Android or the App Store on iPhone.

Keep your software up to date. Software updates often include security patches that can help protect your device from malware.

Use a security solution. A good security solution can help protect your device from malware and other threats.

Be aware of the signs of a scam. Scammers often use techniques such as urgency, fear, and greed to trick victims. If you are ever unsure about a message or offer, it is best to err on the side of caution and not click on any links or open any attachments.

Educate yourself about malware. The more you know about malware, the better equipped you will be to spot it and protect yourself from it. There are many resources available online that can help you learn more about malware.