'DogeRAT' Targets Users In India Through Social Media Apps On Android

A new Android trojan 'DogeRAT' is spreading in India through fake social media and other apps. The malware is targeting particularly the Android users in India, according to cybersecurity firm CloudSEK.

The malware targets victims by impersonating popular apps like YouTube, Netflix, Instagram and ChatGPT and gains access to call logs, audio recordings, text messages, media and photos. It can steal sensitive information such as contacts and banking credentials from devices.

CloudSEK, a contextual AI company that forecasts cyber risks, has uncovered the new open-source Android virus, dubbed DogeRAT (Remote Access Trojan), which aims to steal financial and personal information from a wide variety of businesses.

DogeRAT is a complex Android malware that propagates largely via compromised websites and unofficial app marketplaces. When it infects a device, it steals personal data, gives the attacker remote access to the infected device, and bombards the user with unwanted advertisements.

The infection can also be used to take over the victim's device and use it to send spam, make unwanted payments, alter files, check call logs, and even snap pictures using the front and back cameras.

When the Trojan is first activated, it is said to gain access to a wide variety of information and capabilities. Its reach is not limited to call records, audio recording, and reading SMS messages, media, images, etc alone but other areas too, according to CloudSEK.

The malware disguises itself as legitimate mobile applications. Furthermore, it grants remote access to the device, allowing hackers to carry out malicious actions like sending spam messages, unauthorised payments, file modifications, call record viewing, and even capturing photos using both the front and rear cameras of the compromised device.

Sharing further insights into the distribution methods of the CloudSEK malware, CloudSEK said the primary mode of spreading the malware involves sharing links on social media platforms. These links are typically transmitted through direct messages or posted as spam comments on various posts. Additionally, messaging platforms are also utilized to distribute the malware.