Cyber security warns malware 'Daam' could steal calls, contacts, cameras from mobile phones

New Delhi: The latest advisory from the national cyber security agency warns about the emergence of a malicious Android malware named 'Daam' that is spreading rapidly. This malware has the ability to infect mobile phones and gain unauthorized access to sensitive data such as call records, contacts, browsing history, and even the device's camera.

Additionally, it possesses the capability to bypass antivirus programs, making it difficult to detect and counteract. Moreover, the malware can deploy ransomware on the targeted devices, further complicating the situation for the victims.

The Indian Computer Emergency Response Team (CERT-In), which is responsible for defending against cyber-attacks and safeguarding the online space from phishing, hacking, and other similar threats, has highlighted that the Android botnet is primarily distributed through third-party websites or applications that are downloaded from untrusted or unknown sources.

"Once it is placed in the device, the malware tries to bypass the security check of the device and after a successful attempt, it attempts to steal sensitive data, and permissions such as reading history and bookmarks, killing background processing, and reading call logs etc," the advisory said.

'Daam' is also capable of hacking phone call recordings, and contacts, gaining access to cameras, modifying device passwords, capturing screenshots, stealing SMSes, downloading/uploading files, etc. and transmitting to the C2 (command-and-control) server from the victim's (affected persons) device, the advisory said.

The malware, it said, utilises the AES (advanced encryption standard) encrya ption algorithm to code files in the victim's device.

Other files are then deleted from the local storage, leaving only the encrypted files with the ".enc" extension and a ransom note that says "readme_now.txt", the advisory said.

The central agency suggested a number of do's and don'ts to avoid getting attacked by such viruses and malware.

The Cert-In advised against browsing "un-trusted websites" or clicking on "un-trusted links". Caution should be exercised while clicking on any link provided in unsolicited emails and SMSes, it said. Install and maintain updated anti-virus and anti-spyware software, it suggested.

It also suggested that users should be on the lookout for "suspicious numbers" that don't look like "real mobile phone numbers" as scammers often mask their identity by using email-to-text services to avoid revealing their actual phone number.

"Genuine SMS messages received from banks usually contain sender ID (consisting of bank's short name) instead of a phone number in the sender information field," it said.

It also asked users to exercise caution towards shortened URLs (uniform resource locators), such as those involving 'bitly' and 'tinyurl' hyperlinks like: "http://bit.ly/" "nbit.ly" and "tinyurl.com/".

Users are advised to hover their cursors over the shortened URLs to see the full website domain which they are visiting or use a URL checker that will allow the user to enter a short URL and view the full URL, the advisory suggested.

With PTI Inputs