Android devices are popular because of their freedom, including the ability to download apps and games from anywhere. That freedom is exciting for users, but it also exposes them to malware attacks. A new malware called Daam has been identified by the Indian cyber security agency CERT-In. Not only can this malware steal your private data, but it can also act as ransomware.
Many Android devices are infected with Daam malware, according to the CERT-In advisory. The malware is spread through untrusted sources and third-party websites, and it reaches the device in the form of Android APK files. Even worse, it can bypass antivirus software and ultimately deploy ransomware on affected devices.
Daam begins by trying to bypass security checks as soon as it reaches a device. If it succeeds, it then steals the data stored on the device. This can include reading history, call logs, and bookmarks, stealing SMS messages, downloading/uploading files, and even changing device passwords. The malware can also kill background processes, record calls, capture screenshots, and access the device’s camera.
Both normal phone calls and VoIP calls can be recorded. Daam then transmits the data from the victim’s device to its C2 server. Even worse, it has ransomware abilities. By using the AES encryption algorithm, it can encrypt files on the device and delete everything else. A ransom note file titled “readme_now.txt” is included with all encrypted files.
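For responders checking a copy of a device's storage for the behaviour described above, here is a triage sketch added as an example (it is not from CERT-In or the original article). It looks for the “readme_now.txt” note and flags neighbouring files that look encrypted; the entropy threshold, the list of file signatures and the sample tree are assumptions made for illustration.

```python
import math, os, tempfile
from collections import Counter
NOTE_NAME = "readme_now.txt"  # ransom note name reported in the article
ENTROPY_MIN = 7.5  # assumption: bits/byte at or above this suggests encrypted data
# Assumption: a file that still starts with a known signature is probably intact.
KNOWN_MAGIC = (b"\xff\xd8\xff", b"\x89PNG", b"PK\x03\x04", b"%PDF", b"GIF8")
def entropy(data):
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def looks_encrypted(path, sample=65536):
    """High entropy and no recognisable media/archive header in the first bytes."""
    with open(path, "rb") as fh:
        head = fh.read(sample)
    if head.startswith(KNOWN_MAGIC) or head[4:8] == b"ftyp":  # ftyp marks MP4/3GP
        return False
    return entropy(head) >= ENTROPY_MIN

def triage(root):
    """Map each directory holding a ransom note to its likely-encrypted files."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if NOTE_NAME in (f.lower() for f in files):
            report[dirpath] = sorted(
                f for f in files if f.lower() != NOTE_NAME
                and looks_encrypted(os.path.join(dirpath, f)))
    return report

# Constructed sample tree (not real malware output): random bytes stand in for
# AES ciphertext; the .jpg keeps its JPEG header; Music/ has no ransom note.
SAMPLE = {
    "DCIM/readme_now.txt": b"constructed note\n",
    "DCIM/photo1.bin": os.urandom(8192),
    "DCIM/photo2.jpg": b"\xff\xd8\xff" + os.urandom(8192),
    "DCIM/notes.txt": b"plain text " * 500,
    "Music/track.bin": os.urandom(8192),
}

def build_sample(root):
    for rel, data in SAMPLE.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

Run it against a copy of the storage, not the live device. Very small files rarely reach the entropy threshold, so an empty list next to a note does not mean the directory is clean.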
Here is how you can protect yourself from this malware:
Get Android apps and games from Google Play or the app store provided by your device’s brand, like Oppo, Samsung, or Xiaomi. Make sure you check out user reviews and ratings before you download anything. Make sure Android security updates/patches are up-to-date.
Whenever you get an SMS, email, or direct message, don’t click links to unknown/untrusted websites. Make sure the URL clearly indicates the domain of the website. If you’re unsure, search for the organization’s website directly using a search engine.
You shouldn’t click on short URLs (bit.ly or tinyurl) directly. Use URL checkers to check the full URL, or use the shortening service’s preview feature to see where the short URL leads. Update your antivirus software. Use safe browsing tools and filtering tools (antivirus and content-based filtering) alongside your antivirus, firewall, and filtering services.
Make sure any website you’re sharing sensitive info with has a valid encryption certificate (green lock). If you see anything weird with your account, let the bank know right away.