India warns of malware attacks targeting Android users
India has warned its citizens of advanced malware targeting Android users, capable of accessing sensitive data and allowing hackers to take control of infected devices.
The Comptroller General of Defense Accounts, a division of the Indian Ministry of Defence, issued the advisory on a remote access Trojan named DogeRAT, which was originally reported by cybersecurity startup CloudSEK. The memo said the malware, which targets Android users primarily located in India, is distributed across social media and messaging platforms disguised as legitimate apps such as ChatGPT and Opera Mini, and even as “premium versions” of YouTube, Netflix and Instagram.
“Once the malware is installed on the victim’s device, it gains unauthorized access to sensitive data including contacts, messages, and banking credentials,” the warning, dated August 24, read.
The malware can take over infected devices, allowing hackers to send spam, initiate unauthorized payments, change files, and even capture images and keystrokes; it can also track a user’s location and record audio, the note said.
While the origin of the threat remains unknown, the warning highlights that a group of cybercriminals used Telegram to spread fake versions of popular apps such as ChatGPT, Instagram, Opera Mini and YouTube in a recent incident.
The Ministry of Defence asked its departments and officials to refrain from downloading applications from unverified third-party platforms and from clicking on links from unknown senders. It also advised them to keep smartphones updated with the latest software and security patches and to have an antivirus app installed.
In a blog post in late May, CloudSEK said the open source Android malware, which is based on Java, targeted customers in several industries, including banking and entertainment. The startup also noted that while most of the campaign initially targeted users in India, it is intended to have a global reach.
CloudSEK researchers said the author of DogeRAT demonstrated in a GitHub post that the malware campaign can be launched using a Telegram bot and an open source NodeJS app hosting platform.
The advisory was first reported by local outlet Moneycontrol.
As digitization has risen in India, so have cybersecurity breaches in the country, which is now the world’s second largest internet market after China. India’s Ministry of Information Technology reported a 171% increase in cybersecurity incidents affecting government departments, rising to 192,439 in 2022 from 70,798 in 2018.
A significant cybersecurity incident targeted India’s largest public medical institution, the All India Institute of Medical Sciences (AIIMS), in New Delhi last year. The ransomware attack affected five servers containing a total of 1.3 terabytes of data, the government disclosed in its response to Parliament in December.