New Delhi: Beware mobile phone users!
An Android malware has been found to be spreading rapidly, warned Indian Computer Emergency Response Team (CERT-In).
In its latest advisory, the national cyber security agency said that the malaware called ‘Daam’ infects mobile phones and hacks into sensitive data like call records, contacts, history and camera.
The virus is also capable of “bypassing anti-virus programs and deploying ransomware on the targeted devices,” alerted the agency which is the federal technology arm to combat cyber attacks and guard the cyber space against phishing and hacking assaults, and similar online attacks.
The Android botnet gets distributed through third-party websites or applications downloaded from untrusted/unknown sources, CERT-In said.
“Once it is placed in the device, the malware tries to bypass the security check of the device and after a successful attempt, it attempts to steal sensitive data, and permissions such as reading history and bookmarks, killing background processing, and reading call logs etc.,” the advisory said.
Besides being capable of hacking phone call recordings, contacts, gaining access to camera, ‘Daam’ is also capable of modifying device passwords, capturing screenshots, stealing SMSes, downloading/uploading files, and transmitting to the C2 (command-and-control) server from the victim’s (affected persons) device, the agency said.
Do’s and Don’ts
CERT-In has ways to avoid getting attacked by such viruses and malware.
* Don’t browsw ‘un-trusted websites’ or click on ‘un-trusted links’
* Be cautious while clicking on any link provided in unsolicited emails and SMSes; Install and maintain updated anti-virus and anti-spyware software
* Be on the lookout for ‘suspicious numbers’ that don’t look like ‘real mobile phone numbers’ as scammers often mask their identity by using email-to-text services to avoid revealing their actual phone number. “Genuine SMS messages received from banks usually contain sender ID (consisting of bank’s short name) instead of a phone number in the sender information field,” CERT-In said
* Exercise caution towards shortened URLs (uniform resource locators), such as those involving ‘bitly’ and ‘tinyurl’ hyperlinks like: “http://bit.ly/” “nbit.ly” and “tinyurl.com/”.
* Hover the cursor over shortened URLs to see the full website domain which they are visiting or use a URL checker that will allow the user to enter a short URL and view the full URL.