  • This dangerous new malware also has ransomware capabilities

    aum

    Daam malware found targeting Android devices

     

    A new Android malware variant has been found that’s capable of hiding from antivirus programs, stealing sensitive data, and even deploying ransomware on the infected endpoints.

     

    Cybersecurity experts from CloudSEK’s Threat Intelligence Research Team discovered the malware, which they dubbed “Daam”.

     

    The malware was communicating with “various Android APK files”, the researchers said, suggesting that this was a “likely source of infection”.


    Recording calls

     

    Once deployed on a device, the malware will first try to circumvent security checks on a range of mobile brands. If it successfully manages to hide from antivirus programs, it will try to get highly sensitive permissions, such as the ability to record audio, read history bookmarks, kill background processes, and read call logs.

     

    The malware is also able to record all ongoing calls, both cellular and VoIP ones, and later transmit them to the command & control (C2) server.

     

    Daam is also capable of stealing contacts from the victim's device, as well as pilfering newly added contacts.

     

    In other words, even your WhatsApp calls wouldn’t be safe from eavesdropping, and the files you store on your mobile device could be stolen.

     

    To make matters worse, the malware was also observed to have ransomware capabilities. The researchers say Daam is able to encrypt the files present in the root directory and SD card using the AES algorithm. It also drops a “readme_now.txt” file - most likely a ransom note.

     

    After the encryption, all other files are deleted from local storage, leaving only the encrypted files with a .enc extension on the device.
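
    A defender-side triage of the on-disk artifacts described above, as an added example that is not part of the article or of CloudSEK's report. It assumes a plain-text file listing pulled from the device's storage; the function name and the sample paths are constructed for illustration.

```python
"""Triage a storage file listing for the artifacts the article describes:
a readme_now.txt note and directories where only .enc files remain."""
from collections import defaultdict
from posixpath import basename, dirname

RANSOM_NOTE = "readme_now.txt"  # note filename reported in the article
ENC_SUFFIX = ".enc"             # extension reported in the article


def triage_listing(paths):
    """Return note locations, .enc-only directories and an overall verdict."""
    notes = []
    dirs = defaultdict(lambda: [0, 0])  # directory -> [.enc files, other files]
    for raw in paths:
        path = raw.strip()
        if not path:
            continue
        name = basename(path).lower()
        if name == RANSOM_NOTE:
            notes.append(path)
        elif name.endswith(ENC_SUFFIX):
            dirs[dirname(path)][0] += 1
        else:
            dirs[dirname(path)][1] += 1
    # Directories where the originals are gone and only .enc files survive.
    enc_only = sorted(d for d, (enc, other) in dirs.items() if enc and not other)
    enc_total = sum(enc for enc, _ in dirs.values())
    if notes and enc_total:
        verdict = "match"          # note plus encrypted files: both signals
    elif notes or enc_only:
        verdict = "review"         # one signal only; .enc is not unique to Daam
    else:
        verdict = "no-indicators"
    return {"verdict": verdict, "notes": notes,
            "enc_only_dirs": enc_only, "enc_files": enc_total}


# Constructed sample listing (not from a real device or from the report).
SAMPLE = [
    "/sdcard/readme_now.txt",
    "/sdcard/DCIM/Camera/IMG_0001.jpg.enc",
    "/sdcard/DCIM/Camera/IMG_0002.jpg.enc",
    "/sdcard/Download/backup.enc",
    "/sdcard/Download/invoice.pdf",
    "/sdcard/Music/track01.mp3",
]

if __name__ == "__main__":
    print(triage_listing(SAMPLE))
```

    A "review" verdict needs a human look, since other apps also write files ending in .enc.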

     

    The malware is being distributed through third-party websites, the researchers said, and they found a total of three apps being circulated: Psiphon Client for Android and Windows - a circumvention software for Windows and Android that bypasses paywalls and other censored content; Boulders - a mobile game; and Currency Pro - a currency converter.

     

    As usual, to stay safe, make sure to download apps only from legitimate sources, and to check reviews and user comments before downloading anything.

     
