Android devices are great. They’re fast, they’re convenient, and they allow users to get applications from all kinds of sources. Unfortunately, the last one has a bitter-sweet effect, as anything can be downloaded, including malware. It happened numerous times in the past, and it’s happening again. This time, it’s the DogeRAT Trojan.
When it comes to malware injection, threat actors will always find new ways to complete their tasks. And what better way to distribute malicious software than through phishing campaigns and fake applications?
This particular campaign targets Indian Android users, promising premium versions of popular applications yet installing DogeRAT in the process. How is this being implemented? What’s at risk? We’ve discussed everything below.
DogeRAT – Legit/Fake Apps Everywhere
As we mentioned, Android devices are quite useful and convenient, but they’re also susceptible to infiltration from any source.
Users of the popular operating system have been targeted by numerous attacks during 2022, and these campaigns just kept coming in 2023.
In fact, even Google Play Store has been breached several times, spreading all sorts of malware families.
This particular campaign’s process isn’t that different from those that previously occurred. As a first step, the threat actors used phishing tactics to lure their victims.
These include fake ads, deals, and promises via social media and messaging platforms. These texts or ads promote legitimate applications like Opera Mini, Premium versions of YouTube, Netflix, and Instagram, as well as ChatGPT.
For example, Youtube Premium is a very demanded service as it omits the ads users receive while watching videos.
Since this option requires a subscription, offering Premium Youtube memberships for free would be the perfect lure.
Once the users install one of these applications, the malware will take root on the device and gain unauthorized access to sensitive data, including banking credentials, text messages, and contacts.
According to cybersecurity firm CloudSEK in yesterday’s report:
“The malware is capable of tracking device location, recording the microphone, retrieving contact lists, accessing call, SMS, clipboard, and notification logs, viewing installed applications, downloading and uploading files, viewing connectivity status, and executing additional commands from the C2 server,”
Additionally, CloudSEK mentions that the group is not limited when it comes to the execution of the malware campaign.
It’s not always phishing attacks, and it’s always different versions of modified Remote Access Trojans.
“They are not just limited to creating phishing websites, but also distributing modified RATs or repurposing malicious apps to execute scam campaigns that are low-cost and easy to set up, yet yield high returns.”Source: CloudSEK
This particular trojan is very dangerous, especially since it’s a free version available on GitHub, alongside screenshots and video tutorials showcasing its functions.
In other words, the threat actor behind this campaign isn’t the only one to look out for. DogeRAT is accessible to other criminal actors that might have far more elevated capabilities.
Legitimate Apps, Legitimate Trojan
Things are getting very serious, especially since the malware is being promoted with premium features on Telegram. The platform has been used in the past for malware advertisement.
Remember, never download anything from untrusted sources. You never know who’s behind it and what their intentions are.
When it comes to malware such as DogeRAT, users can easily be alarmed when a shady practice is in place.
It requests intrusive permissions to perform its data-gathering objectives, which means it can be stopped in its tracks. Stay safe.