Sneaky DogeRAT Trojan Poses as Popular Apps, Targets Indian Android Users

May 30, 2023 · Ravie Lakshmanan · Mobile Security / Android

A new open source remote access trojan (RAT) called DogeRAT targets Android users primarily located in India as part of a sophisticated malware campaign.

The malware is distributed via social media and messaging platforms under the guise of legitimate applications such as Opera Mini, OpenAI ChatGPT, and premium versions of YouTube, Netflix, and Instagram.

“Once installed on a victim’s device, the malware gains unauthorized access to sensitive data, including contacts, messages, and banking credentials,” cybersecurity firm CloudSEK said in a Monday report.

“It can also take control of the infected device, enabling malicious actions such as sending spam messages, making unauthorized payments, modifying files, and even remotely capturing photos through the device’s cameras.”

DogeRAT, like many other malware-as-a-service (MaaS) offerings, is promoted by its India-based developer through a Telegram channel that has amassed more than 2,100 subscribers since it was created on June 9, 2022.

The offering also includes a premium subscription sold for a dirt-cheap price ($30) that adds capabilities such as taking screenshots, stealing images, capturing clipboard content, and logging keystrokes.


In a further attempt to make it more accessible to other criminal actors, the free version of DogeRAT has been made available on GitHub, alongside screenshots and video tutorials showcasing its functions.

“We do not endorse any illegal or unethical use of this tool,” the developer states in the repository’s README.md file. “The user assumes all responsibility for the use of this software.”

Upon installation, the Java-based malware requests intrusive permissions in order to carry out its data-gathering objectives, then exfiltrates the collected data to a Telegram bot.
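The two traits just described (an intrusive permission set plus a Telegram bot used as the exfiltration channel) are what an analyst would look for when triaging a suspicious APK. The following is an added example, not code from CloudSEK or from the DogeRAT repository: it parses a decoded AndroidManifest.xml for high-risk permissions and scans a strings dump for Telegram Bot API URLs, flagging the sample when both are present. The permission list, the threshold, the sample manifest and the sample strings are all constructed for this example and are assumptions, not indicators taken from the report.

```python
"""Triage heuristic for the Android RAT traits described in the article.

Added example (not CloudSEK's or DogeRAT's code). Inputs are assumed to be a
decoded AndroidManifest.xml (e.g. from apktool) and a strings dump of the APK.
The permission list, threshold and sample data are this example's assumptions.
"""
from __future__ import annotations

import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that, in combination, give a RAT the data-gathering and
# device-control reach described in the report. Assumption: analyst heuristic.
HIGH_RISK_PERMISSIONS = {
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_CALL_LOG",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.BIND_ACCESSIBILITY_SERVICE",
    "android.permission.SYSTEM_ALERT_WINDOW",
}

# Telegram Bot API calls look like https://api.telegram.org/bot<id>:<secret>/<method>
TELEGRAM_BOT_RE = re.compile(
    r"https?://api\.telegram\.org/bot([0-9]+:[A-Za-z0-9_-]+)/(\w+)"
)


def manifest_permissions(manifest_xml: str) -> set[str]:
    """Return the set of <uses-permission> names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.attrib.get(ANDROID_NS + "name", "") for el in root.iter("uses-permission")}


def telegram_endpoints(strings_dump: str) -> list[tuple[str, str]]:
    """Return (bot id with secret redacted, API method) for each Telegram Bot URL found."""
    hits = []
    for token, method in TELEGRAM_BOT_RE.findall(strings_dump):
        bot_id = token.split(":", 1)[0]  # keep only the numeric bot id for reporting
        hits.append((bot_id + ":<redacted>", method))
    return hits


def triage(manifest_xml: str, strings_dump: str, min_risky: int = 4) -> dict:
    """Flag a sample when it declares >= min_risky high-risk permissions AND talks to a Telegram bot."""
    perms = manifest_permissions(manifest_xml)
    risky = sorted(perms & HIGH_RISK_PERMISSIONS)
    bot_calls = telegram_endpoints(strings_dump)
    return {
        "risky_permissions": risky,
        "telegram_bot_calls": bot_calls,
        "suspicious": len(risky) >= min_risky and len(bot_calls) > 0,
    }


# Constructed sample input: a manifest for a fake "Opera Mini" lookalike.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeopera">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
</manifest>
"""

# Constructed sample strings dump; the bot token is a made-up placeholder.
SAMPLE_STRINGS = """https://api.telegram.org/bot123456789:AAExampleTokenValue_abc/sendMessage
https://api.telegram.org/bot123456789:AAExampleTokenValue_abc/sendDocument
https://www.opera.com/
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_MANIFEST, SAMPLE_STRINGS).items():
        print(f"{key}: {value}")
```

The verdict deliberately requires both signals: many legitimate messaging or camera apps declare several of these permissions, and many harmless apps embed Telegram links, but an app that declares a broad SMS/contacts/camera/microphone set and also calls the Bot API's upload methods matches the behaviour the report describes and deserves a closer look. The bot secret is redacted in the output so triage notes can be shared without leaking a live credential.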


“This campaign is a stark reminder of the financial motivation driving scammers to continually evolve their tactics,” CloudSEK researcher Anshuman Das said.

“They are not just limited to creating phishing websites, but also distributing modified RATs or repurposing malicious apps to execute scam campaigns that are low-cost and easy to set up, yet yield high returns.”

The findings come as Google-owned Mandiant detailed a new Android backdoor called LEMONJUICE that’s designed to enable remote control of and access to a compromised device.

“The malware is capable of tracking device location, recording the microphone, retrieving contact lists, accessing call, SMS, clipboard, and notification logs, viewing installed applications, downloading and uploading files, viewing connectivity status, and executing additional commands from the C2 server,” researcher Jared Wilson said.
