Editorial image credit: 22 TREE HOUSE / Shutterstock.com
A sophisticated malware campaign called DogeRAT has been observed impersonating Android banking, financial services and insurance (BFSI), e-commerce and entertainment apps.
Discovered by security researchers at CloudSEK, the malicious campaign relies on open source Android malware to compromise the security of victims’ devices and obtain sensitive information, including contacts, messages and banking details.
Upon installation, the malware requires various permissions, including access to call logs and audio recordings and to read SMS messages, media and photos.
It then uses these to manipulate the device and carry out malicious activities, like sending spam messages, making unauthorized payments, altering files and taking pictures through the camera without the user’s knowledge.
“This campaign is a stark reminder of the financial motivation driving scammers to continually evolve their tactics,” explained CloudSEK threat intelligence researcher Anshuman Das.
“They are not just limited to creating phishing websites, but also distributing modified RATs or repurposing malicious apps to execute scam campaigns that are low-cost and easy to set up, yet yield high returns.”
DogeRAT is advertised by its creator through Telegram Channels, which offer a premium version of the malware costing roughly $30 and featuring additional capabilities like taking screenshots, stealing images, acting as a keylogger and more.
Read more on Android threats: New Android Banking Trojan ‘Nexus’ Promoted As MaaS
The malware’s developer has also created a GitHub repository to host it, which showcases a video tutorial and a comprehensive list of features and capabilities.
DogeRAT operates using Java-based server-side code written in NodeJs, enabling communication between the malware and the Telegram Bot.
It then uses a web view to show the URL of the targeted entity, making it seem more legitimate.
To safeguard against this risk, experts suggest practicing careful clicking habits when it comes to links and attachments, regularly updating software, utilizing a security solution, being mindful of common scam indicators and educating oneself about malware.
The CloudSek advisory comes days after ESET security researchers shed light on a separate trojanized Android app with thousands of installs.