India has warned its citizens of an advanced Android malware that can access sensitive data and give hackers control over infected devices.
The Indian Defence Ministry’s Controller General of Defence Accounts issued an advisory on DogeRAT, a Remote Access Trojan discovered by cybersecurity startup CloudSEK. The note said the malware, which targets Android users in India, is spread via social media and messaging platforms disguised as ChatGPT, Opera Mini, and “premium versions” of YouTube, Netflix, and Instagram.
“Once installed on a victim’s device, the malware gains unauthorized access to sensitive data including contacts, messages and banking credentials,” the August 24 advisory stated.
The note said the malware can hijack infected devices and send spam, make unauthorized payments, change files, capture photos and keystrokes, track the user’s location, and record audio.
The advisory notes that cybercriminals recently used Telegram to spread fake versions of ChatGPT, Instagram, Opera Mini, and YouTube. The threat’s origin is unknown.
The Defence Ministry advises its agencies and officials to avoid downloading apps from unknown third-party platforms and clicking on links from unknown senders. It also advises them to install an antivirus app and update smartphones with the latest software and security patches.
In late May, CloudSEK wrote in a blog post that the Java-based, open-source Android malware targeted banking and entertainment customers. The startup also noted that while most of the campaign initially targeted Indian users, it is intended to be global.
CloudSEK researchers said DogeRAT’s author demonstrated on GitHub that a Telegram bot and an open-source NodeJS app hosting platform could be used to launch the malware campaign.
Local news outlet Moneycontrol reported the advisory’s emergence.
Cybersecurity breaches have increased in India, the world’s second-largest internet market after China, due to digitization. The Indian IT ministry reported 192,439 cybersecurity incidents at government departments in 2022, up 171% from 70,798 in 2018.
Last year, a major cybersecurity incident targeted India’s largest public medical institution, AIIMS in New Delhi. The government told parliament in December that the ransomware attack affected five servers with 1.3 terabytes of data.