DogeRAT Malware Impersonates BFSI, Entertainment, E-commerce Apps
A sophisticated malware campaign called DogeRAT has been observed impersonating Android banking, financial services and insurance (BFSI), e-commerce and entertainment apps.
Discovered by security researchers at CloudSEK, the malicious campaign relies on open source Android malware to compromise the security of victims’ devices and obtain sensitive information, including contacts, messages and banking details.
Upon installation, the malware requires various permissions, including access to call logs and audio recordings, and permission to read SMS messages, media and photos.
It then uses these to manipulate the device and carry out malicious activities, like sending spam messages, making unauthorized payments, altering files and taking pictures through the camera without the user’s knowledge.
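For defenders triaging a sideloaded APK, the permission pattern described above can be checked mechanically. The following is an added example, not code from CloudSEK or from the malware: it parses `aapt dump permissions` style output and flags apps that request most of the capabilities the article names. The mapping to Android manifest permission names, the threshold and both sample dumps are assumptions constructed for illustration.

```python
import re

# Assumed mapping from capabilities named in the article to Android manifest
# permissions; the article itself does not list the manifest names.
CAPABILITY_PERMS = {
    "call logs": {"android.permission.READ_CALL_LOG"},
    "audio recording": {"android.permission.RECORD_AUDIO"},
    "SMS": {"android.permission.READ_SMS", "android.permission.SEND_SMS"},
    "media and photos": {"android.permission.READ_EXTERNAL_STORAGE",
                         "android.permission.READ_MEDIA_IMAGES"},
    "camera": {"android.permission.CAMERA"},
    "contacts": {"android.permission.READ_CONTACTS"},
}

# Accepts both "uses-permission: name='X'" and the older "uses-permission: X".
PERM_RE = re.compile(r"^uses-permission(?:-sdk-23)?:\s*(?:name=)?'?([\w.]+)'?")

def parse_permissions(dump):
    """Return the set of permission names found in an aapt permissions dump."""
    perms = set()
    for line in dump.splitlines():
        match = PERM_RE.match(line.strip())
        if match:
            perms.add(match.group(1))
    return perms

def triage(dump, threshold=4):
    """Flag an app that requests at least `threshold` of the capabilities.

    The threshold is a hypothetical tuning value, not taken from the article.
    """
    perms = parse_permissions(dump)
    hits = {cap: sorted(perms & wanted)
            for cap, wanted in CAPABILITY_PERMS.items() if perms & wanted}
    return {"capabilities": hits, "flagged": len(hits) >= threshold}

# Constructed sample: an "entertainment" app with a RAT-like permission set.
SUSPICIOUS_DUMP = """package: com.example.freestream
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.READ_CALL_LOG'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE' maxSdkVersion='32'
"""

# Constructed sample: a QR scanner that only needs the camera.
BENIGN_DUMP = """package: com.example.qrscanner
uses-permission: android.permission.INTERNET
uses-permission: android.permission.CAMERA
"""

if __name__ == "__main__":
    for name, dump in (("suspicious", SUSPICIOUS_DUMP), ("benign", BENIGN_DUMP)):
        print(name, triage(dump))
```

A flag here is a prompt for manual review, since legitimate apps such as messaging clients can request a similar set.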
“This campaign is a stark reminder of the financial motivation driving scammers to continually evolve their tactics,” explained CloudSEK threat intelligence researcher Anshuman Das.
“They are not just limited to creating phishing websites, but also distributing modified RATs or repurposing malicious apps to execute scam campaigns that are low-cost and easy to set up, yet yield high returns.”
DogeRAT is advertised by its creator through Telegram channels, which offer a premium version of the malware costing roughly $30 and featuring additional capabilities like taking screenshots, stealing images, acting as a keylogger and more.
The malware’s developer has also created a GitHub repository to host it, which showcases a video tutorial and a comprehensive list of features and capabilities.
DogeRAT operates using Java-based server-side code written in NodeJs, enabling communication between the malware and the Telegram Bot.
It then uses a web view to show the URL of the targeted entity, making it seem more legitimate.
To safeguard against this risk, experts suggest practicing careful clicking habits when it comes to links and attachments, regularly updating software, utilizing a security solution, being mindful of common scam indicators and educating oneself about malware.
The CloudSEK advisory comes days after ESET security researchers shed light on a separate trojanized Android app with thousands of installs.