Cybersecurity researchers at CloudSEK have found malware that pretends to be a legitimate app from a well-known company to steal users’ data. This malware is spread through different channels, including GitHub and messaging apps.
The detected malware, dubbed “DogeRAT,” could trick users into installing it by posing to be a legitimate app. Once installed, it can access every user’s data on the phone, like contacts, banking credentials, and messages. The DogeRAT malware can also use the victim’s device for making payments and sending spam.
Since the app pretends to be legitimate, it can’t be distributed through Google Play. So creators are spreading it by sharing its APK file on social platforms and messaging apps like Telegram. The malware simulates popular apps like Netflix, YouTube, or any other trending app in Play Store.
DogeRAT malware poses as a legitimate app to take over a victim’s device
Besides the free version, developers have also launched a premium version of DogeRAT that offers more features at just $30. The features you get by purchasing the premium version include a keylogger tool, accessing images in the victim’s phone, taking screenshots, etc. Of course, DogeRAT can access this data after the user gives permission.
Social platforms are the main venue for developers to spread DogeRAT. However, the malware also has a GitHub page with video tutorials and explanations for users.
Yet, the number of infected devices is unknown. Users who usually download their apps through Telegram channels or downloading websites are at risk of installing DogeRAT. Remember that this malware pretends to be a legitimate app; many users can’t even detect its differences from the original app.
Security researchers recommend users download their apps only through Google Play and evade third-party sources. Of course, you still need to be careful when downloading an app through Google Play because attackers could also infect Google Play apps with malware. Once you want to download an app, pay attention to its legitimacy.