India has issued a warning to its citizens about a sophisticated malware called DogeRAT, which specifically targets Android users and poses a significant threat by potentially accessing sensitive data and giving hackers control over infected devices. The advisory, released by the Controller General of Defence Accounts within India’s Defense Ministry, comes as a response to the discovery of DogeRAT by cybersecurity startup CloudSEK.
According to the advisory dated August 24, DogeRAT primarily targets Android users in India and is typically distributed via social media and messaging platforms disguised as legitimate apps. These deceptive apps impersonate popular names like ChatGPT and Opera Mini, and some even masquerade as “premium versions” of well-known platforms such as YouTube, Netflix, and Instagram.
Once DogeRAT infiltrates a victim’s device, it gains unauthorized access to sensitive information, including contacts, messages, and banking credentials. Moreover, this malware can take over infected devices, granting hackers the ability to send spam, make unauthorized payments, manipulate files, and even capture photos and keystrokes. It goes further by tracking the user’s location and recording audio.
While the source of this threat remains undisclosed, the advisory underscores a recent incident in which a group of cybercriminals used Telegram to distribute counterfeit versions of popular apps like ChatGPT, Instagram, Opera Mini, and YouTube.
The Defense Ministry of India has urged its departments and officials to exercise caution when downloading apps from unverified third-party sources and clicking on links from unknown senders. They are advised to keep their smartphones updated with the latest software and security patches and install a reputable antivirus app.
CloudSEK initially reported on DogeRAT in late May, describing it as an open-source Android malware based on Java. This malware campaign targeted users across various industries, including banking and entertainment. Although the campaign initially focused on Indian users, it was clearly intended to have global reach.
The author of DogeRAT demonstrated in a GitHub post that the malware campaign could be launched using a Telegram bot and an open-source NodeJS app hosting platform, as noted by CloudSEK researchers.
The emergence of this advisory serves as a timely reminder of the growing cybersecurity challenges in India, a country experiencing significant digitization. India has become the world’s second-largest internet market after China, and with this surge in digital activity, cybersecurity breaches have followed suit. The Indian IT ministry reported a staggering 171% increase in cybersecurity incidents affecting government departments, rising from 70,798 in 2018 to 192,439 in 2022.
One notable cybersecurity incident involved a ransomware attack on India’s largest public medical institution, the All India Institute of Medical Sciences (AIIMS) in New Delhi, last year. This attack impacted five servers containing a total of 1.3 terabytes of data, as disclosed by the government in its response to parliament in December.