DogeRAT (Remote Access Trojan) is open-source Android malware that targets a sizable customer base across various industries, particularly banking and entertainment.
CloudSEK’s TRIAD team detected it. Although this campaign primarily targeted consumers in India, it aims to be accessible to everyone.
The malware is being disseminated disguised as a legitimate app through social networking and messaging apps.
Once installed, the malware can steal sensitive information from the victim’s device, including contacts, messages, and banking credentials.
The malware can also be used to hijack the victim’s device and carry out harmful tasks like sending spam messages, making unauthorized purchases, editing files, reading call logs, and even snapping pictures with the infected device’s front- and rear-facing cameras.
The impersonated apps include Opera Mini – a fast web browser, Android VulnScan, YOUTUBE PREMIUM, Netflix Premium, ChatGPT, Lite 1 [Facebook], and Instagram Pro.
It was discovered that the malware’s creator had marketed DogeRAT in two Telegram channels.
The author of the RAT has provided a premium version of DogeRAT, which includes additional features such as taking screenshots, stealing images from the gallery, acting as a keylogger, stealing information from the clipboard, and having a new file manager in addition to greater persistence and seamless bot connections with the infected device.
The free version of DogeRAT has been made available on GitHub, along with screenshots and video lessons demonstrating its features, in an additional effort to make it more approachable for other criminal actors.
“This Java-based android RAT uses a very simple server-side code written in NodeJs to interact with Telegram Bot and an infected device through a web socket,” researchers explain.
“In this scenario, the Telegram Bot is working as the Command and Control panel for the threat actor who creates the setup and deploys the DogeRAT.”
Reports say the trojan initially obtains many permissions, such as call log access, audio recording, and reading of SMS messages, media, and images.
Hence, researchers say this campaign serves as a “stark reminder” of the financial incentives driving scammers to improve their methods continuously.
To protect their digital assets, users must be vigilant and take protective precautions.
“They are not just limited to creating phishing websites, but also distributing modified RATs or repurposing malicious apps to execute scam campaigns that are low-cost and easy to set up, yet yield high returns,” researchers say.