A new open source remote access trojan (RAT) called DogeRAT targets Android users primarily located in India as part of a sophisticated malware campaign.
The malware is distributed via social media and messaging platforms under the guise of legitimate applications like Opera Mini, OpenAI ChatGOT, and Premium versions of YouTube, Netflix, and Instagram.
“Once installed on a victim’s device, the malware gains unauthorized access to sensitive data, including contacts, messages, and banking credentials,” cybersecurity firm CloudSEK said in a Monday report.
“It can also take control of the infected device, enabling malicious actions such as sending spam messages, making unauthorized payments, modifying files, and even remotely capturing photos through the device’s cameras.”
DogeRAT, like many other malware-as-a-service (MaaS) offerings, is promoted by its India-based developer through a Telegram channel that has more than 2,100 subscribers since it was created on June 9, 2022.
This also includes a premium subscription that’s sold for dirt-cheap prices ($30) with additional capabilities such as taking screenshots, stealing images, capturing clipboard content, and logging keystrokes.
In a further attempt to make it more accessible to other criminal actors, the free version of DogeRAT has been made available on GitHub, alongside screenshots and video tutorials showcasing its functions.
“We do not endorse any illegal or unethical use of this tool,” the developer states in the repository’s README.md file. “The user assumes all responsibility for the use of this software.”
Upon installation, the Java-based malware requests for intrusive permissions to perform its data-gathering objectives, before exfiltrating it to a Telegram bot.
Discover how Deception can detect advanced threats, stop lateral movement, and enhance your Zero Trust strategy. Join our insightful webinar!Learn, Connect, Grow
“This campaign is a stark reminder of the financial motivation driving scammers to continually evolve their tactics,” CloudSEK researcher Anshuman Das said.
“They are not just limited to creating phishing websites, but also distributing modified RATs or repurposing malicious apps to execute scam campaigns that are low-cost and easy to set up, yet yield high returns.”
The findings come as Google-owned Mandiant detailed a new Android backdoor called LEMONJUICE that’s designed to enable remote control of and access to a compromised device.
“The malware is capable of tracking device location, recording the microphone, retrieving contact lists, accessing call, SMS, clipboard, and notification logs, viewing installed applications, downloading and uploading files, viewing connectivity status, and executing additional commands from the C2 server,” researcher Jared Wilson said.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.