‘Daam’ on the prowl; targets Android phones, warns central agency
Users are advised to hover their cursors over the shortened URLs to see the full website domain or use a URL checker, the advisory suggested.
Representative image
NEW DELHI: An Android malware called ‘Daam’ that infects mobile phones and hacks into sensitive data like call records, contacts, history and camera has been found to be spreading, the national cyber security agency has said in its latest advisory.
The virus is also capable of “bypassing anti-virus programmes and deploying ransomware on the targeted devices”, said the Indian Computer Emergency Response Team (CERT-In), the federal technology arm to combat cyberattacks and guard the cyberspace against phishing, hacking and other online attacks.
The botnet gets distributed through third-party websites or applications downloaded from untrusted/unknown sources.
“Once it is placed in the device, the malware tries to bypass the security check of the device and after a successful attempt, it attempts to steal sensitive data, and permissions such as reading history and bookmarks, killing background processing, and reading call logs, etc.,” the advisory said.
‘Daam’ is also capable of hacking phone call recordings, contacts, gaining access to camera, modifying device passwords, capturing screenshots, stealing SMSes, downloading/uploading files, etc. and transmitting to the command-and-control server from the victim’s device.
The malware utilises the advanced encryption standard encryption algorithm to code files in the victim’s device. Other files are then deleted from the local storage, leaving only the encrypted files with “.enc” extension and a ransom note that says “readme_now.txt”, it said.
To save oneself from such attacks, the agency said users should stay away from suspicious numbers that don’t look like real mobile phone numbers, as scammers often mask their identity by using email-to-text services to avoid revealing their actual phone number.
It also advised caution towards shortened URLs, such as those involving ‘bitly’ and ‘tinyurl’ hyperlinks like “http://bit.ly/” “nbit.ly” and “tinyurl.com/”.
Users are advised to hover their cursors over the shortened URLs to see the full website domain or use a URL checker, the advisory suggested.
