National cyber security warns of Damm Virus spreading on Android phones and stealing information
CERT-In warns for Damm virus in Android smartphones that can bypass anti-virus programs and deploy ransomware on the targeted devices. According to the national cyber security agency, this virus is spreading rapidly.
Android Malware
‘Damm’ is an Android malware that infects smartphones. The virus hacks the system and steals call records, history, contacts and other sensitive data.
The virus is also capable of “bypassing anti-virus programs and deploying ransomware on the targeted devices”, the Indian Computer Emergency Response Team or CERT-In said.
CERT-In
CERT-In is an office within the Ministry of Electronics and Information Technology of the Government of India. It is the nodal agency to deal with cyber security threats like hacking and phishing. It strengthens security-related defense of the Indian Internet domain.
The agency is the federal technology arm to combat cyber-attacks.
Damm Capabilities
According to agency analysis, the Android trojan gets disturbed with third-party websites. In addition, the Android botnet gets interrupted by applications downloaded from untrusted/unknown sources.
“Once it is placed in the device, the malware tries to bypass the security check of the device and after a successful attempt, it attempts to steal sensitive data, and permissions such as reading history and bookmarks, killing background processing, and reading call logs etc,” the advisory said.
Further, ‘Daam’ is capable of hacking phone call recordings, contacts, gaining access to camera, and modifying device passwords. Furthermore, the virus is capable of capturing screenshots, stealing SMSes, downloading/uploading files, and transmitting to the command-and-control server from the victim’s device.
Advanced Possibilities
In addition, the virus utilizes advanced encryption standard algorithm to code files in the victim’s device.
Other files are then deleted from the local storage. Further, leaving only the encrypted files with “.enc” extension and a ransom note that says “readme_now.txt”, the advisory said.
The central agency suggested a number of do’s and don’ts to avoid getting attacked by such viruses and malware.
The Cert-In advised against browsing “un-trusted websites” or clicking on “un-trusted links”. Caution should be exercised while clicking on any link provided in unsolicited emails and SMSes, it said. Install and maintain updated anti-virus and anti-spyware software, it suggested.
It also suggested that users should be on the lookout for “suspicious numbers” that don’t look like “real mobile phone numbers” as scammers often mask their identity by using email-to-text services to avoid revealing their actual phone number.
“Genuine SMS messages received from banks usually contain sender ID (consisting of bank’s short name) instead of a phone number in the sender information field,” it said.
It also asked users to exercise caution towards shortened URLs (uniform resource locators). Namely, such as those involving ‘bitly’ and ‘tinyurl’ hyperlinks like: “http://bit.ly/” “nbit.ly” and “tinyurl.com/”.
Users are advised to hover their cursors over the shortened URLs to see the full website domain which they are visiting. Moreover, users should use a URL checker that will allow the user to enter a short URL and view the full URL, the advisory suggested.
