Beware Android Users! New Malware Variant “Daam” Capable Of Stealing Sensitive Data And Deploying Ransomware On Devices: CloudSEK

NEW DELHI: Cybersecurity experts from CloudSEK’s Threat Intelligence Research Team have discovered a new Android malware variant that is capable of evading antivirus programs, stealing sensitive data, and even deploying ransomware on the infected endpoints. Dubbed “Daam” by the researchers, this malware is a major cause for concern for Android users.

According to the researchers, the malware communicates with various Android APK files, suggesting that this is a likely source of infection. Once deployed on a device, Daam will attempt to circumvent security checks on a range of mobile brands. If successful, it will then try to obtain highly sensitive permissions such as recording audio, reading history bookmarks, killing background processes, and reading call logs.

Daam is also capable of recording all ongoing calls, including cellular and VoIP calls, and transmitting them to the command & control (C2) server. The malware can also steal contacts from the victim’s device and pilfer newly added contacts.

To make matters worse, Daam is also equipped with ransomware capabilities. After encryption, all other files on the device are deleted, leaving only the encrypted files with a .enc extension on the device. The malware also drops a “readme_now.txt” file, which is likely a ransom note.

The malware is being distributed through third-party websites, and the researchers have found a total of three apps being circulated: Psiphon Client for Android and Windows – circumvention software for Windows and Android that bypasses paywalls and other censored content; Boulders – a mobile game; and Currency Pro – a currency converter.

The researchers advise Android users to download apps from legitimate sources and check reviews and user comments before downloading anything. Taking these precautions will reduce the likelihood of downloading malicious apps and becoming a victim of malware such as Daam.

The discovery of Daam is a stark reminder of the importance of mobile security. With more and more people relying on mobile devices for work and personal use, it is essential to be vigilant and take precautions to protect personal and sensitive information from falling into the wrong hands.

Impact of Daam Malware:

  • The exposure of personally identifiable information (PII) could lead to social engineering schemes, phishing attacks, and identity theft by other threat actors.
  • If critical data is encrypted and not backed up, victims may have no choice but to pay the ransom to retrieve their data.
  • Password reuse is common, so the exposed credentials could allow threat actors to gain access to other accounts of the users.
  • The malware has the ability to change device passwords, thereby locking users out of their own devices, and it also has encryption capabilities.

Mitigation:

  • Monitor user accounts and systems for anomalies that may indicate a possible takeover, such as noisy calls, heating up or slowing down of devices, battery issues, abnormal app behavior, and unusual notifications.
  • Install a strong antivirus to detect malicious signatures in the system.
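The permission set reported above can also be checked before an app from an untrusted source is installed. The following is an added example, not CloudSEK's tooling or part of the original report: it reads a decoded AndroidManifest.xml (for instance, one produced by apktool) and flags an app that requests several of the permissions the researchers list. The mapping to manifest permission strings, the threshold of three, and the sample package names are assumptions of this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Article's permission list mapped to manifest strings (mapping is an assumption).
WATCHED = {
    "android.permission.RECORD_AUDIO": "recording audio",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS": "reading history bookmarks",
    "android.permission.KILL_BACKGROUND_PROCESSES": "killing background processes",
    "android.permission.READ_CALL_LOG": "reading call logs",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names a decoded manifest requests."""
    # A decoded manifest never needs a DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in manifest_xml or "<!ENTITY" in manifest_xml:
        raise ValueError("DTD not allowed in manifest")
    root = ET.fromstring(manifest_xml.strip())
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def triage(manifest_xml, threshold=3):
    """Flag a manifest requesting >= threshold watched permissions (hypothetical cut-off)."""
    perms = requested_permissions(manifest_xml)
    hits = [p for p in WATCHED if p in perms]
    return {"hits": hits, "flag": len(hits) >= threshold}

# Constructed samples: hypothetical packages, not taken from any real APK.
HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="%s">'

def _manifest(package, perms):
    body = "".join('<uses-permission android:name="%s"/>' % p for p in perms)
    return HEAD % package + body + "</manifest>"

SUSPECT = _manifest("com.example.converter", list(WATCHED) + ["android.permission.INTERNET"])
BENIGN = _manifest("com.example.recorder", ["android.permission.RECORD_AUDIO", "android.permission.INTERNET"])

if __name__ == "__main__":
    for label, xml_text in (("suspect", SUSPECT), ("benign", BENIGN)):
        result = triage(xml_text)
        print(label, result["flag"], [WATCHED[p] for p in result["hits"]])
```

A flag here is a reason to look closer, not a verdict: legitimate apps request some of these permissions individually, which is why the check keys on the combination.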
