The Indian Computer Emergency Response Team or Cert-In has issued a warning against Android malware. Called 'Daam', the malware, which infects mobile phones and hacks into users’ sensitive data such as call records, contacts, history and camera, has been found on Android devices.
According to the national cyber security agency's latest advisory, the malware is capable of "bypassing anti-virus programs and deploying ransomware on the targeted devices".
Cert-In said that the Android malware is distributed through third-party websites or apps that have been downloaded from untrusted/unknown sources.
"Once it is placed in the device, the malware tries to bypass the security check of the device and after a successful attempt, it attempts to steal sensitive data, and permissions such as reading history and bookmarks, killing background processing, and reading call logs etc," the advisory said.
What makes 'Daam' dangerous
'Daam' is capable of hacking phone call recordings, contacts, gaining access to the camera, modifying device passwords, capturing screenshots, stealing SMSes, and downloading/uploading files, among others.
The malware also transmits data from the victim's device to the command-and-control server, the advisory said. It is said to use the Advanced Encryption Standard (AES) algorithm to encrypt files on the victim's device.
The original files are deleted from local storage, leaving only the encrypted files with the ".enc" extension and a ransom note, "readme_now.txt", the advisory said.
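A defender-side check for the file-system pattern described above, added here as an example (it is not code from Cert-In or the advisory): given a flat listing of file paths, it flags directories that hold only ".enc" files plus "readme_now.txt". The function name, the threshold and the sample paths are assumptions made for illustration.

```python
from collections import defaultdict
from pathlib import PurePosixPath

RANSOM_NOTE = "readme_now.txt"  # ransom note name given in the advisory
ENC_SUFFIX = ".enc"             # encrypted-file extension given in the advisory

def triage(paths, min_enc=3):
    """Group a file listing by directory and grade each directory.

    min_enc is an assumed threshold, not a value from the advisory.
    Returns {dir: {"enc": n, "other": n, "note": bool, "verdict": str}}
    for every directory showing at least one indicator.
    """
    stats = defaultdict(lambda: {"enc": 0, "other": 0, "note": False})
    for raw in paths:
        p = PurePosixPath(raw.strip())
        if not p.name:              # skip blank lines
            continue
        s = stats[str(p.parent)]
        name = p.name.lower()       # compare case-insensitively
        if name == RANSOM_NOTE:
            s["note"] = True
        elif name.endswith(ENC_SUFFIX):
            s["enc"] += 1
        else:
            s["other"] += 1
    report = {}
    for d, s in stats.items():
        if not s["note"] and s["enc"] == 0:
            continue                # no indicator in this directory
        # Advisory pattern: originals deleted, only .enc files and the note remain.
        if s["note"] and s["enc"] >= min_enc and s["other"] == 0:
            verdict = "match"
        elif s["note"] or s["enc"] >= min_enc:
            verdict = "review"      # partial pattern, needs a human look
        else:
            verdict = "low"         # a stray .enc file beside normal files
        report[d] = {**s, "verdict": verdict}
    return report

# Constructed sample listing (not taken from a real device).
SAMPLE = """\
/sdcard/DCIM/Camera/IMG_0001.jpg.enc
/sdcard/DCIM/Camera/IMG_0002.jpg.enc
/sdcard/DCIM/Camera/VID_0003.mp4.enc
/sdcard/DCIM/Camera/readme_now.txt
/sdcard/Download/invoice.pdf
/sdcard/Download/backup.enc
/sdcard/Music/track01.mp3
""".splitlines()
```

A ".enc" extension on its own is used by unrelated software too, which is why a lone file beside ordinary files is graded "low" rather than "match".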
How to safeguard
Do not click on malicious-looking links: Cert-In advised Android users not to browse "un-trusted websites" or click on "un-trusted links". It said that users must exercise caution while clicking on any link provided in unsolicited emails and SMSes.
Additionally, users must be cautious with shortened URLs, such as those involving 'bitly' and 'tinyurl' hyperlinks. They can hover their cursors over the shortened URLs to see the full website domain which they are visiting.
Look for suspicious numbers: The advisory said that users must be on the lookout for "suspicious numbers" that don't look like "real mobile phone numbers" as scammers often mask their identity by using email-to-text services to avoid revealing their actual phone number.
"Genuine SMS messages received from banks usually contain sender ID (consisting of bank's short name) instead of a phone number in the sender information field," it said.
Android device users are also advised to install and/or update their antivirus and anti-spyware software.