The Indian government has recently issued an advisory regarding the ‘Daam’ malware, which poses a significant threat to Android phones.
The advisory, released by CERT-In, the national cybersecurity agency, highlights that the ‘Daam’ virus has the potential to compromise call records, contacts, browsing history, app access and even the device’s camera.
According to the advisory, the ‘Daam’ malware possesses the alarming capability of evading antivirus programs and deploying ransomware on targeted devices. It primarily spreads through third-party websites or applications obtained from untrusted or unknown sources.
Once the ‘Daam’ virus infiltrates an Android phone, it actively circumvents the device’s security checks. Upon successfully bypassing these safeguards, the malware proceeds to exploit sensitive data, such as call records and browsing history.
The advisory further details that once the malware infiltrates the device, it attempts to bypass the device’s security checks and then gains unauthorized access to various permissions, including reading history and bookmarks, terminating background processes, and accessing call logs.
Moreover, the ‘Daam’ virus has the capability to compromise phone call recordings, contacts, camera functionality, and even modify device passwords.
Additionally, it can capture screenshots, steal SMS messages, and engage in unauthorized file transfers. The stolen data is then transmitted to a command-and-control (C2) server from the victim’s device.
The ‘Daam’ malware uses the Advanced Encryption Standard (AES) algorithm to encrypt files on the victim’s device, and other files are deleted from storage. The encrypted files are identifiable by the “.enc” extension and are accompanied by a ransom note named “readme_now.txt”.
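The two file indicators named above can be checked for during triage. The following Python script is an added example, not part of the CERT-In advisory or this article: it walks a local copy of a device's shared storage and flags directories that hold the ransom note, “.enc” files, or both. The sample directory layout, the function names and the severity labels are assumptions made for the illustration.

```python
import os
import tempfile

RANSOM_NOTE = "readme_now.txt"  # ransom note name from the advisory
ENC_SUFFIX = ".enc"             # encrypted-file extension from the advisory


def scan_tree(root):
    """Return one finding per directory under root that holds either indicator."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        enc = sorted(f for f in files if f.lower().endswith(ENC_SUFFIX))
        note = any(f.lower() == RANSOM_NOTE for f in files)
        if not enc and not note:
            continue
        # The note beside .enc files is the strong signal; a lone .enc file
        # can be benign, since other software also uses that extension.
        severity = "high" if (note and enc) else "medium" if note else "low"
        findings.append({
            "dir": os.path.relpath(dirpath, root).replace(os.sep, "/"),
            "severity": severity,      # label scheme is this example's own
            "ransom_note": note,
            "enc_files": enc,
        })
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: (order[f["severity"]], f["dir"]))


def build_sample_tree(root):
    """Constructed sample layout standing in for a copy of shared storage."""
    layout = {
        "DCIM/Camera": ["IMG_0001.jpg.enc", "IMG_0002.jpg.enc", "readme_now.txt"],
        "Download": ["backup.enc"],   # lone .enc file, no note
        "Documents": ["notes.txt"],   # clean directory
    }
    for rel, names in layout.items():
        os.makedirs(os.path.join(root, rel), exist_ok=True)
        for name in names:
            with open(os.path.join(root, rel, name), "w") as fh:
                fh.write("constructed sample\n")


def demo():
    """Build the constructed tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan_tree(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Directories rated "low" contain only “.enc” files and need manual review, because that extension alone is not specific to this malware.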
To protect against such attacks, CERT-In advises users to exercise caution when browsing untrusted websites or clicking on unverified links.
It is crucial to avoid clicking on any links provided in SMS messages and emails. Regularly updating antivirus software is also recommended.
Additionally, users should remain vigilant for suspicious numbers that may not resemble genuine mobile phone numbers.
Scammers often disguise their identity by using email-to-text services to conceal their actual phone numbers. Genuine SMS messages from banks typically contain a sender ID consisting of the bank’s short name rather than a phone number in the sender information field.
Users are also advised to be cautious when encountering shortened URLs, such as those employing ‘bitly’ and ‘tinyurl’ hyperlinks (e.g., “https://bit.ly/”, “bit.ly”, “tinyurl.com/”). These precautions can significantly minimize the risk of falling victim to the ‘Daam’ malware or similar cyber threats.
It is essential to stay informed and remain proactive in safeguarding personal devices from malicious attacks.
By adopting these preventative measures, users can protect their sensitive information and ensure a secure digital experience.