The malware author is not greedy and offers customers a lot of malicious features for only $30 a month.
Cybersecurity experts have discovered a new mobile remote access Trojan called DogeRAT that targets Android users, predominantly in India. The malware spreads through social networks and instant messengers under the guise of legitimate applications such as Opera Mini, OpenAI ChatGPT and premium versions of YouTube, Netflix and Instagram.
“Once installed on a victim’s device, DogeRAT gains unauthorized access to sensitive data, including contacts, messages, and banking credentials,” CloudSEK said in a report released on Monday.
“The malware can also take full control of the infected device, allowing it to perform malicious activities such as sending spam messages, making unauthorized payments, modifying files, and even remote photography through the device’s cameras,” the researchers added.
DogeRAT, like many other malware-as-a-service (MaaS) offerings, is promoted by a local developer through a Telegram channel created last June. At the moment, the channel has over 2100 subscribers.
For a while, a completely free version of DogeRAT with limited functionality was available on GitHub, mainly as a demonstration of its capabilities. But for as little as $30 a month, customers can access the program's features, such as taking screenshots, stealing images, capturing the contents of the clipboard, and logging keystrokes.
“We do not condone any illegal or unethical use of this tool. The user bears all responsibility for the use of this software,” the Trojan developer states in the “README.md” file located in the repository.
Once installed on a device, the Java-based malware, disguised as a popular legitimate app, requests all necessary permissions to collect data and then uploads that data from the device via Telegram.
“This campaign is a poignant reminder of the financial motivation that keeps scammers constantly evolving their tactics,” said Anshuman Das, CloudSEK researcher.
“They are not limited to creating phishing sites, but also distribute modified RATs or rework malicious applications for fraud campaigns that are inexpensive and easy to set up, but bring high returns,” the researcher concluded.
India has recently been a frequent target of cyber attacks on mobile platforms. Just today we wrote about the Daam Android malware, which combines the functions of ransomware and spyware. Looking beyond the Indian malware market, there is also another dangerous Android malware, Rasket, which Kaspersky Lab researchers described a few days ago.