DogeRAT Alert: India Warns of Malware

Back in May, Indian researchers raised concerns over a new malware threat spreading through fake versions of social media and OTT apps. Now, the federal government has issued a formal warning about the DogeRAT malware, which targets Android users and accesses sensitive data that could give hackers access to the device.

The advisory over the remote access trojan (RAT) came from the Controller General of Defence Accounts, a department related to the Ministry of Defense, about three months after cybersecurity startup CloudSEK had first brought it up. The government note said the malware was distributed via social media and messaging platforms.

Why three months late? And, where’s MeitY?

It is not clear what took the government so long to issue the advisory, or why it came from a ministry other than the nodal one, which should be the Ministry of Electronics and Information Technology. Back in May, CloudSEK had come across the DogeRAT malware while probing an SMS stealer scam.

The researchers discovered that DogeRAT was open-source Android malware designed to target individuals across industries, with particular focus on the banking and financial services, ecommerce and entertainment sectors. While India was the primary target, the bad actors were in all probability looking to expand their focus to other geographies.

The government note, dated August 24, reiterated what CloudSEK had said months earlier: the prime targets are Android users, and the distribution channel is messaging platforms, where the malware imitates legitimate apps such as ChatGPT, Opera Mini and premium versions of YouTube, Netflix and Instagram.

What does it mean for Android users?

“Once installed on a victim’s device, the malware gains unauthorized access to sensitive data, including contacts, messages and banking credentials,” the note said, adding that the malware could take control of infected devices and allow hackers to send spam, initiate unauthorized payments, alter files, capture images and keystrokes, and track user location.

While it was silent on the origins of the threat, the advisory noted that cybercriminals had used Telegram to disseminate fake versions of some popular social media and OTT apps. The defense ministry has asked its department officials to refrain from downloading apps from unverified third-party platforms and from clicking on links from unknown senders. It also asked users to update their handsets with the latest software and security patches.

DogeRAT has been prowling since May

Last May, when the issue was brought forth by CloudSEK, the company reported that the open-source malware was based on Java and targeted multiple industries. DogeRAT’s author showed up in a GitHub post to state that the malware campaign could be launched with a Telegram bot and an open-source NodeJS app hosting platform.

Given India’s focus on digitization over the past few years, the country is also facing many more instances of data breaches. The government recently reported a 171% increase in cybersecurity incidents across its departments between 2018 and 2022, with the number of reported cybercrimes growing from 70,798 to 192,439.

Last December, we reported on the AIIMS cybersecurity incidents, which the government first denied before finally admitting to them and taking action. Despite Parliament being in session and discussions around cybersecurity being at fever pitch, the incident continued to linger for two weeks and called into question India’s preparedness to ward off such threats.

In fact, some security experts with whom we spoke last year felt the government needs to urgently set its house in order before asking private infrastructure providers to pay fines for data breaches, as envisaged in the Data Protection legislation.

They noted the real danger could come in the coming months and years, as the country works towards creating public-scale digital infrastructure that lets users across all social strata access public services and transact with governments, industry, banks and ecommerce businesses from their smartphones.