Daam Virus Threatens Android Devices, Stealing Sensitive Data: CERT-In Issues Advisory

The Indian Computer Emergency Response Team (CERT-In) has issued an advisory regarding a newly discovered Android malware called 'Daam.' This malicious software can infiltrate mobile phones and access sensitive information such as call records, contacts, and browsing history, as well as the device's camera. Additionally, Daam can bypass antivirus programs and deploy ransomware on the targeted devices. This blog post provides an overview of the advisory and offers preventive measures to avoid falling victim to such malware.

Spread and Infection:

Daam is primarily distributed through third-party websites or applications downloaded from untrusted or unknown sources. Once installed on a device, the malware attempts to bypass security checks and gain unauthorized access to sensitive data and permissions. It can read call logs, steal SMS messages, download/upload files, modify passwords, capture screenshots, and transmit data to a command-and-control server.

Encryption and Ransom Note: 

The malware employs the AES encryption algorithm to encode files on the victim's device. After encrypting the files, Daam deletes other files from the local storage, leaving behind only the encrypted files, which bear the ".enc" extension. Additionally, a ransom note titled "readme_now.txt" is displayed, indicating that the victim's data has been compromised.
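
As an added example (not part of the CERT-In advisory or the original post), the following triage script checks a copy of device storage for the two file artifacts described above: files ending in ".enc" and a note named "readme_now.txt". It assumes the storage has already been copied to a local folder; the high/medium/low levels and the sample tree are constructed for this illustration.

```python
import os
import tempfile

NOTE_NAME = "readme_now.txt"  # ransom note name reported in the advisory
ENC_SUFFIX = ".enc"           # extension left on encrypted files

def triage(root):
    """Return {relative_dir: finding} for directories showing either artifact."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        names = [f.lower() for f in files]
        enc = [f for f in names if f.endswith(ENC_SUFFIX)]
        note = NOTE_NAME in names
        if not enc and not note:
            continue
        others = [f for f in names if f != NOTE_NAME and not f.endswith(ENC_SUFFIX)]
        if note and enc and not others:
            level = "high"    # note present and only .enc files remain
        elif note or not others:
            level = "medium"  # one of the two artifacts on its own
        else:
            level = "low"     # .enc beside normal files; benign apps also use .enc
        findings[os.path.relpath(dirpath, root)] = {
            "level": level, "enc_files": len(enc),
            "other_files": len(others), "note": note,
        }
    return findings

def run_on_sample():
    """Build a constructed storage tree in a temp directory and triage it."""
    layout = {  # constructed sample, not data from a real device
        "DCIM": ["IMG_0001.jpg.enc", "IMG_0002.jpg.enc", "readme_now.txt"],
        "Download": ["invoice.pdf.enc"],
        "Documents": ["notes.txt", "vault.enc"],
        "Music": ["track01.mp3"],
    }
    with tempfile.TemporaryDirectory() as root:
        for folder, files in layout.items():
            os.makedirs(os.path.join(root, folder))
            for name in files:
                with open(os.path.join(root, folder, name), "w") as fh:
                    fh.write("x")
        return triage(root)

if __name__ == "__main__":
    for folder, finding in sorted(run_on_sample().items()):
        print(folder, finding)
```

A "low" result is expected on many healthy devices, since the ".enc" extension is not unique to this malware; the note together with a folder containing nothing but ".enc" files is the combination worth escalating.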

Preventive Measures: 

To protect against Daam and similar threats, CERT-In recommends the following measures:

  • Avoid visiting untrusted websites and clicking on untrusted links.
  • Exercise caution when clicking on links in unsolicited emails and SMS messages.
  • Install and regularly update antivirus and anti-spyware software.
  • Remain vigilant for suspicious numbers that do not resemble legitimate mobile phone numbers, as scammers often use email-to-text services to hide their true identities.
  • Genuine SMS messages from banks usually contain a sender ID (bank's short name) instead of a phone number.
  • Be cautious when dealing with shortened URLs (e.g., those using 'bitly' or 'tinyurl') by hovering the cursor over the link to reveal the full website domain. Alternatively, use a URL checker to verify the full URL before visiting the site.

With the emergence of the 'Daam' Android malware, it is crucial for users to take necessary precautions to protect their devices and data. By following the advisory provided by CERT-In and implementing the recommended preventive measures, individuals can reduce the risk of falling victim to such malware. It is essential to remain vigilant and exercise caution while interacting with unknown sources and suspicious links to maintain a secure digital environment.
