Android Malware Daam Has Data Theft & Ransomware Capabilities: CERT-In Issues Advisory
Last week the Indian national cybersecurity agency, CERT-In, released an advisory about the newly discovered malware ‘Daam’. This threat can bypass antivirus software, steal sensitive data, and deploy ransomware on victims’ devices. The advisory was issued for Android phone users and the malware is said to affect even the best-known device brands.
The malware was first identified in April 2023 by researchers at the Singapore-based cybersecurity company CloudSEK. “The malware was found to be communicating with various Android APK files, likely indicating the source of infection,” noted CloudSEK. The team also named three applications associated with this malicious APK file:
- Psiphon Client for Android and Windows: a free VPN
- Boulders: a mobile game
- Currency Pro: a currency converter
These trojanized apps are free and distributed through various unauthorized third-party websites. This sophisticated malware uses several techniques to reach private data, such as recording phone and VoIP calls, including calls made through encrypted messaging services like Hike and WhatsApp.
Daam can bypass security controls to steal files from the phone, including new and old contacts, names of Google accounts, financial information, SMS messages and browser bookmarks. It can also upload and download files, take control of the camera, capture screenshots, and lock the phone by obtaining the device password and PIN. The stolen data is subsequently transmitted to command-and-control (C2) servers managed by the threat actor.
To encrypt files on the victim’s device, the malware is said to use “AES algorithms present in the root directory and SD card.” Once encryption is complete, it leaves behind “.enc” files and a “readme_now.txt” file, which is believed to be a ransom note.
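The two artifacts the advisory names, “.enc” files and a “readme_now.txt” note, are a simple on-disk footprint a defender can look for. The script below is an added illustration written for this article, not tooling from CloudSEK or CERT-In: it groups a file listing by directory and flags directories that hold a ransom note together with several encrypted files. The threshold of three encrypted files, the `/sdcard` paths and the sample listing are all constructed assumptions; the function names are hypothetical.

```python
import os
from collections import defaultdict

# Indicators taken from the advisory text: encrypted files get a ".enc"
# extension and a "readme_now.txt" ransom note is dropped alongside them.
ENCRYPTED_SUFFIX = ".enc"
RANSOM_NOTE = "readme_now.txt"


def find_ransomware_footprint(paths, min_encrypted=3):
    """Group file paths by directory and return the directories that contain
    a ransom note together with at least `min_encrypted` ".enc" files.
    Returns a dict {directory: encrypted_file_count}. The threshold is an
    assumed tuning knob to avoid flagging a stray note on its own."""
    encrypted = defaultdict(int)
    notes = set()
    for p in paths:
        directory, name = os.path.split(p)
        lowered = name.lower()
        if lowered == RANSOM_NOTE:
            notes.add(directory)
        elif lowered.endswith(ENCRYPTED_SUFFIX):
            encrypted[directory] += 1
    return {d: encrypted[d] for d in notes if encrypted[d] >= min_encrypted}


def scan_directory(root, min_encrypted=3):
    """Walk a real directory tree (e.g. a mounted SD card image) and apply
    the same check to every file found under it."""
    paths = []
    for dirpath, _, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, f) for f in filenames)
    return find_ransomware_footprint(paths, min_encrypted)


# Constructed sample listing (not real data) that mimics the post-encryption
# state of an SD card as described in the advisory.
SAMPLE_LISTING = [
    "/sdcard/DCIM/IMG_0001.jpg.enc",
    "/sdcard/DCIM/IMG_0002.jpg.enc",
    "/sdcard/DCIM/IMG_0003.jpg.enc",
    "/sdcard/DCIM/readme_now.txt",
    "/sdcard/Download/invoice.pdf",
    "/sdcard/Download/readme_now.txt",  # note without encrypted files: not flagged
    "/sdcard/Music/track.mp3",
]

if __name__ == "__main__":
    for d, n in find_ransomware_footprint(SAMPLE_LISTING).items():
        print(f"ransomware footprint in {d}: {n} encrypted files plus ransom note")
```

Run against the constructed listing, only `/sdcard/DCIM` is reported; the lone note in `/sdcard/Download` is ignored because no encrypted files sit beside it. Pointing `scan_directory` at a forensic copy of a device's storage applies the same logic to real files.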
Because Daam can evade antivirus programs, CloudSEK and CERT-In have suggested a few measures users can take to protect their devices: download apps only from legitimate sources, check app reviews, use a reputable antivirus product, check URLs before opening them, and verify the permissions an app requests.
By following these practices, users can safeguard themselves not only against Daam but also against other ransomware gangs that rely on phishing and identity and data theft to coerce their victims.