The Indian Computer Emergency Response Team (CERT-IN) has released a warning about ‘Daam,’ an Android malware that possesses the ability to pilfer sensitive information, evade antivirus software, and initiate ransomware attacks on the devices it targets.
As per CERT-IN, the primary agency responsible for handling computer security incidents, Daam is distributed through third-party websites and communicates with multiple Android APK files to gain entry into a mobile phone. Once on the device, it encrypts files using the AES encryption algorithm and then deletes the unencrypted originals from local storage, leaving only the encrypted copies, marked with a ‘.enc’ extension, alongside a ransom note named ‘readme_now.txt.’
The agency adds that the malware can access call recordings and contact information, gain unauthorized access to the device’s camera, alter passwords, capture screenshots, steal SMS messages, download and upload files, and perform various other malicious activities.
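The two on-disk artifacts the advisory names (files renamed with a ‘.enc’ extension and a ransom note called ‘readme_now.txt’, with the originals deleted) are enough to build a simple triage check for a device backup or mounted storage. The script below is an added example written for this article; it is not CERT-IN’s code and not part of the advisory. It assumes only those two indicators from the text; the sample directory layout, the `ENC_FILE_THRESHOLD` value and the function names are constructed here for illustration.

```python
"""Triage a directory tree for the on-disk artifacts CERT-IN attributes to Daam.

Added example, not part of the CERT-IN advisory. The only facts taken from the
article are the ".enc" extension and the "readme_now.txt" ransom note name; the
threshold and the sample tree below are constructed assumptions.
"""
from __future__ import annotations

import os
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

RANSOM_NOTE_NAME = "readme_now.txt"   # from the advisory
ENCRYPTED_SUFFIX = ".enc"             # from the advisory
# Assumed threshold: a single .enc file may be legitimate, so the tree is only
# flagged on a ransom note or once this many .enc files are present.
ENC_FILE_THRESHOLD = 5


@dataclass
class ScanResult:
    ransom_notes: list[Path] = field(default_factory=list)
    encrypted_files: list[Path] = field(default_factory=list)
    # Directories holding .enc files with no unencrypted sibling left, which
    # matches the advisory's description of originals being deleted.
    fully_encrypted_dirs: list[Path] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.ransom_notes) or len(self.encrypted_files) >= ENC_FILE_THRESHOLD


def scan_tree(root: Path) -> ScanResult:
    """Walk `root` and collect the indicators described in the advisory."""
    result = ScanResult()
    for dirpath, _dirnames, filenames in os.walk(root):
        d = Path(dirpath)
        enc_here: list[Path] = []
        plain_here: list[Path] = []
        for name in filenames:
            if name.lower() == RANSOM_NOTE_NAME:
                result.ransom_notes.append(d / name)
            elif name.lower().endswith(ENCRYPTED_SUFFIX):
                enc_here.append(d / name)
            else:
                plain_here.append(d / name)
        result.encrypted_files.extend(enc_here)
        if enc_here and not plain_here:
            result.fully_encrypted_dirs.append(d)
    return result


def build_sample_tree(base: Path) -> None:
    """Constructed sample: one folder in the described post-encryption state,
    one clean folder that happens to contain a single .enc file."""
    victim = base / "DCIM"
    victim.mkdir(parents=True)
    for i in range(6):
        (victim / f"IMG_{i:04d}.jpg{ENCRYPTED_SUFFIX}").write_bytes(os.urandom(32))
    (victim / RANSOM_NOTE_NAME).write_text("constructed placeholder ransom note\n")
    clean = base / "Download"
    clean.mkdir()
    (clean / "invoice.pdf").write_bytes(b"%PDF-1.4 constructed sample")
    (clean / "archive.enc").write_bytes(b"a lone .enc file, not by itself suspicious")


def demo() -> ScanResult:
    """Build the constructed tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        build_sample_tree(base)
        return scan_tree(base)


if __name__ == "__main__":
    r = demo()
    print("suspicious:", r.suspicious)
    print("ransom notes:", [p.name for p in r.ransom_notes])
    print("encrypted files:", len(r.encrypted_files))
    print("fully encrypted dirs:", [p.name for p in r.fully_encrypted_dirs])
```

Point `scan_tree` at a mounted backup or extracted storage image rather than the constructed tree to use it for real triage; the `fully_encrypted_dirs` list is the stronger signal, because a folder containing only ‘.enc’ files and the note reflects the delete-after-encrypt behaviour the advisory describes, whereas a stray ‘.enc’ file on its own does not.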
CERT-IN has provided the following guidelines to safeguard devices against Daam:
- To minimize the risk of potentially harmful apps, exclusively download applications from official app stores.
- Prior to downloading any app, carefully review its details and user reviews. Additionally, grant only relevant permissions that align with the app’s intended purpose.
- Regularly install Android updates provided by authorized Android device vendors.
- Refrain from visiting untrusted websites or clicking on unverified links.
- Install and consistently update antivirus and antispyware software.
- Exercise vigilance when encountering mobile numbers that appear unusual or deviate from regular mobile number formats.
- Practice caution when confronted with message links, conducting thorough research before clicking on them.
- Exercise discretion when clicking on URLs, ensuring that the website domain is clearly indicated. Exercise caution with shortened URLs, particularly those utilizing bit.ly and tinyurl.
- Utilize secure browsing tools, filtering tools within antivirus software, firewalls, and filtering services.
- Prior to sharing sensitive information, verify the presence of valid encryption certificates by checking for the green lock icon in the browser’s address bar.
- If any “unusual” activity is detected in a user’s bank account, it is crucial to promptly report it to the respective bank.