A sophisticated malware campaign has been discovered that targets Android users in India with a remote access trojan (RAT) called DogeRAT. The malware is distributed through social media and messaging platforms, disguised as legitimate applications like Opera Mini, OpenAI ChatGOT, and premium versions of popular apps such as YouTube, Netflix, and Instagram.
Once installed, DogeRAT gains unauthorized access to sensitive data, including contacts, messages, and banking credentials, and enables malicious actions like spam messages, unauthorized payments, and remote camera capture.
The DogeRAT malware is part of the growing trend of malware-as-a-service (MaaS) offerings and is promoted by its India-based developer through a Telegram channel.
The developer offers a premium subscription for a low price, providing additional capabilities such as taking screenshots, stealing images, capturing clipboard content, and logging keystrokes. To make it more accessible to other criminals, the free version of DogeRAT has also been made available on GitHub, complete with screenshots and tutorials.
The Java-based DogeRAT malware requests intrusive permissions upon installation, which allow it to gather data and send it to a Telegram bot. The campaign serves as a reminder of the financial motivation driving scammers to evolve their tactics: they are no longer limited to phishing websites, but also distribute modified RATs and repurpose malicious apps.
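The two behaviours described above (an unusually broad set of dangerous permissions and exfiltration to a Telegram bot) are what a static triage check would key on. The following is an added example of such a check, not code from the article or from any of the researchers it cites: it parses a constructed AndroidManifest.xml for a RAT-style permission combination and scans extracted strings for Telegram Bot API endpoints, redacting any embedded bot token so the result is safe to log. The permission set, the scoring threshold and the sample inputs are assumptions chosen for the example, not indicators from any real sample.

```python
"""Static triage heuristic for Android apps that behave like the RAT
described above: intrusive permission requests plus a Telegram bot
backchannel.  Added example; the permission list and threshold are
illustrative assumptions, not indicators from any real sample."""
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that, requested together, look like a RAT rather than a
# browser or media app.  Chosen for this example; tune for your environment.
RAT_PERMISSIONS = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_CALL_LOG",
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.BIND_ACCESSIBILITY_SERVICE",
}

# Telegram Bot API URLs embed the bot token in the path:
#   https://api.telegram.org/bot<numeric id>:<secret>/sendMessage
TELEGRAM_BOT_RE = re.compile(
    r"api\.telegram\.org/bot(?P<bot_id>[0-9]+):[A-Za-z0-9_-]+"
)


def manifest_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(ANDROID_NS + "name")
        for el in root.iter("uses-permission")
        if el.get(ANDROID_NS + "name")
    }


def telegram_bot_endpoints(strings):
    """Find Telegram Bot API endpoints in extracted strings.

    The bot token is replaced with a placeholder so the finding can be
    written to a report without propagating a live credential."""
    hits = []
    for s in strings:
        for m in TELEGRAM_BOT_RE.finditer(s):
            hits.append(f"api.telegram.org/bot{m.group('bot_id')}:<redacted>")
    return hits


def triage(manifest_xml, strings, threshold=4):
    """Combine both signals into a simple verdict for analyst triage."""
    risky = sorted(manifest_permissions(manifest_xml) & RAT_PERMISSIONS)
    endpoints = telegram_bot_endpoints(strings)
    suspicious = len(risky) >= threshold or bool(endpoints)
    return {
        "risky_permissions": risky,
        "telegram_bot_endpoints": endpoints,
        "verdict": "suspicious" if suspicious else "benign",
    }


# Constructed sample inputs (not from any real APK).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakebrowser">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
</manifest>"""

BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.plainbrowser">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
</manifest>"""

SAMPLE_STRINGS = [
    "https://api.telegram.org/bot000000000:AAAAconstructedTokenPlaceholder/sendDocument",
    "https://example.invalid/update.json",
]

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_STRINGS))
    print(triage(BENIGN_MANIFEST, ["https://example.invalid/"]))
```

In practice the manifest comes from decoding the APK (for example with apktool) and the strings from the decoded resources and DEX code; the check is a triage aid that surfaces candidates for analyst review, not a verdict on its own.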
In a related development, Mandiant revealed a new Android backdoor called LEMONJUICE, designed for remote control and access to compromised devices, further highlighting the evolving threat landscape for Android users.
Additionally, Doctor Web has discovered over 100 apps on the Google Play Store containing a spyware component called SpinOk, collectively downloaded more than 421 million times. This spyware is distributed as a marketing software development kit (SDK) and is designed to collect sensitive information stored on devices, as well as manipulate clipboard contents.
Some popular apps found to contain SpinOk include Noizz, Zapya, VFly, MVBit, Biugo, Crazy Drop, Cashzine, Fizzo Novel, CashEM, and Tick. These findings emphasize the need for users to be cautious when downloading apps and to maintain up-to-date security measures on their devices.