India issues warning to citizens over malware infesting Android devices
Although the origin of the malware remains under investigation, the government states that a group of cybercriminals used Telegram to send out fake versions of popular apps such as ChatGPT, Instagram, Opera Mini, and YouTube.
Citizens of India have been warned by the government of advanced malware targeting Android users, as the virus has been shown capable of accessing sensitive data and giving hackers control over infected devices.
An advisory was released by the Controller General of Defence Accounts, a department in India’s Defense Ministry, regarding the Remote Access Trojan called DogeRAT, which was initially brought to light by the cybersecurity startup CloudSEK.
According to the note by CloudSEK, the virus has been targeting Android users mainly located in India and is being transmitted through social media and messaging apps, disguised as apps like ChatGPT, Opera Mini, and even "premium versions" of YouTube, Netflix, and Instagram.
"Once installed on a victim’s device, the malware gains unauthorized access to sensitive data including contacts, messages, and banking credentials," the advisory said on August 24, adding that it allows hackers to send spam, make unauthorized payments, change files, and go as far as capturing photos and keystrokes while tracking the user’s location and recording audio.
Avoid downloading apps from unverified third parties
Although the origin of the malware remains under investigation, the department stated that a group of cybercriminals used Telegram to send out fake versions of popular apps such as ChatGPT, Instagram, Opera Mini, and YouTube.
All departments and officials at the Defense Ministry have been requested to avoid downloading apps from unverified third parties or clicking on links from unknown senders, and to keep smartphones updated with the latest software and security patches. They have also been advised to install an antivirus app.
Back in May, CloudSEK said in a blog post that the Java-based open-source Android malware targeted users in industries including banking and entertainment, and added that the targeting might expand globally.
In a post on GitHub, DogeRAT’s author claimed that the malware campaign could operate through a Telegram bot and an open-source NodeJS app hosting platform, per CloudSEK researchers.
Local outlet Moneycontrol was the first to report the emergence of the advisory.
Cybersecurity breaches have been not just common but on the rise alongside growing digitization in the country, which is now considered the world’s second-largest internet market after China.
Data from the Indian IT ministry showed a 171% jump in cybersecurity violations affecting government departments, increasing to 192,439 in 2022 from 70,798 in 2018.
Last year in New Delhi, one of the biggest cybersecurity incidents targeted India’s largest public medical institution, the All India Institute of Medical Sciences (AIIMS); the attack affected five servers containing 1.3 terabytes of data.