This dangerous new malware also has ransomware capabilities
Daam malware found targeting Android devices
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
A new Android malware variant has been found that’s capable of hiding from antivirus programs, stealing sensitive data, and even deployingransomwareon the infected endpoints.
Cybersecurity experts from CloudSEK’s Threat Intelligence Research Team discovered the malware, which they dubbed “Daam”.
The malware was communicating with “various Android APK files”, the researchers said, suggesting that this was a “likely source of infection”.
Recording calls
Once deployed on a device, the malware will first try to circumvent security checks on a range of mobile brands. If it successfully manages to hide from antivirus programs, it will try to get highly sensitive permissions, such as the ability to record audio, read history bookmarks, kill background processes, and read call logs.
The malware is also able to record all ongoing calls, both cellular and VoIP ones, and later transmit them to the command & control (C2) server. Daam is also capable of stealing contacts from the victim’s device, as well as pilfering newly added contacts, as well.
In other words, even yourWhatsAppcalls wouldn’t be safe from eavesdropping, and the files you store on your mobile device could be stolen.
To make matters worse, the malware was also observed to have ransomware capabilities. The researchers are saying Daam is able to encrypt the files on the device using AES algorithms present in the root directory and SD card. It also drops a “readme_now.txt” file - most likely a ransom note.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
This dangerous Android malware is seeing a huge rise in infections>Dangerous new ‘Hook’ Android malware lets hackers remotely control your phone>Check out the best malware removal tools right now
After the encryption, all other files are deleted from local storage, leaving only the encrypted files with a .enc extension on the device.
The malware is being distributed through third-party websites, the researcher said, finding a total of three apps being circulated: Psiphon Client for Android and Windows - a circumvention software for Windows and Android that bypasses paywalls and other censored content; Boulders - a mobile game; and Currency Pro - a currency converter.
As usual, to stay safe, make sure to download apps only from legitimate sources, and to check reviews and user comments before downloading anything.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
Cisco issues patch to fix serious flaw allowing possible industrial systems takeover
Washington state court systems taken offline following cyberattack
Lego will let you build Sir Ernest Shackleton’s iconic lost ship, the Endurance, in its next Icons set
