India has warned its citizens of advanced malware targeting Android users that is capable of accessing sensitive data and giving hackers control over infected devices.
The Controller General of Defence Accounts, a department in India’s Defense Ministry, released the advisory on the Remote Access Trojan called DogeRAT, originally brought to notice by the cybersecurity startup CloudSEK. The note said the malware, targeting Android users primarily located in India, is distributed via social media and messaging platforms disguised as legitimate apps such as ChatGPT, Opera Mini and even as “premium versions” of YouTube, Netflix and Instagram.
“Once installed on a victim’s device, the malware gains unauthorized access to sensitive data including contacts, messages and banking credentials,” the advisory dated August 24 said.
The malware can commandeer infected devices, allowing hackers to send spam, initiate unauthorized payments, alter files, and even capture photos and keystrokes; it can also track the user’s location and record audio, the note said.
While the origin of the threat remains unknown, the advisory highlights that a group of cybercriminals used Telegram to disseminate fake versions of popular apps such as ChatGPT, Instagram, Opera Mini, and YouTube in a recent incident.
The Defense Ministry has asked its departments and officials to refrain from downloading apps from unverified third-party platforms and clicking on links from unknown senders. They are also advised to keep smartphones updated with the latest software and security patches and to install an antivirus app.
In its blog post in late May, CloudSEK said the open-source Android malware, based on Java, targeted customers across multiple industries, including banking and entertainment. The startup also noted that while most of the campaign initially targeted users in India, it is intended to have a global reach.
DogeRAT’s author showed in a post on GitHub that the malware campaign could be launched using a Telegram bot and an open-source NodeJS app hosting platform, CloudSEK researchers said.
The emergence of the advisory was first reported by the local outlet Moneycontrol.
With India’s rise in digitization, cybersecurity breaches have surged in the nation, now the world’s second-largest internet market after China. The Indian IT ministry reported a 171% increase in cybersecurity incidents affecting government departments, rising to 192,439 in 2022 from 70,798 in 2018.
One of the significant cybersecurity incidents targeted India’s biggest public medical institution, All India Institute of Medical Sciences (AIIMS), in New Delhi last year. The ransomware attack impacted five servers containing a total of 1.3 terabytes of data, the government disclosed in its response to parliament in December.