Authorities said the virus is also capable of "bypassing anti-virus programs and deploying ransomware on the targeted devices"

“Daam” virus steals call logs and reads history from Android phones

The National Cyber Security Agency said in its latest alert that an Android malware called “Daam” infects mobile phones and compromises sensitive data such as call logs, contacts, history and camera. India’s Computer Emergency Response Team, or CERT-In, said the virus is also capable of “bypassing antivirus software and spreading ransomware on target devices.”

The agency is the federal technology division that combats cyberattacks and protects cyberspace from phishing, hacking, and similar cyberattacks. The agency said botnets are distributed through third-party websites or apps downloaded from untrusted/unknown sources.

Once installed on the device, the malware tries to bypass the device’s security check. After a successful attempt, it tries to steal sensitive data and to obtain permissions such as reading history and bookmarks, killing background processes, reading call logs, etc.

‘Daam’ is also capable of hacking call recordings and contact information, accessing the camera, changing device passwords, taking screenshots, stealing text messages, uploading/sending files, etc., and sending the data from the victim’s device to the C2 (command and control) server, the advisory said.

According to the advisory, the malware uses the AES (Advanced Encryption Standard) encryption algorithm to encrypt files on the victim’s device. Other files are then deleted from local storage, leaving only encrypted files with an “.enc” extension and a ransom note named “readme_now.txt,” the advisory states.
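The file pattern described above can be checked on a copy of a phone's storage. The following is an added example, not code from CERT-In or from this article: the function names, the high/medium/low scoring and the sample file layout are assumptions made for illustration, and only the “.enc” extension and the “readme_now.txt” note name come from the advisory.

```python
import os
import tempfile
from pathlib import Path

RANSOM_NOTE = "readme_now.txt"   # ransom note name quoted in the advisory
ENCRYPTED_SUFFIX = ".enc"        # extension left on encrypted files

def scan_storage(root):
    """Score each directory of a pulled storage copy; scoring is this example's own.
    high: note plus only .enc files. medium: note present, or only .enc files.
    low: .enc mixed with ordinary files (legitimate apps also use ".enc")."""
    findings = []
    for dirpath, _subdirs, files in os.walk(root):
        names = [f.lower() for f in files]
        enc = [f for f in names if f.endswith(ENCRYPTED_SUFFIX)]
        note = RANSOM_NOTE in names
        if not enc and not note:
            continue
        others = [f for f in names if f != RANSOM_NOTE and f not in enc]
        if note and enc and not others:
            score = "high"
        elif note or not others:
            score = "medium"
        else:
            score = "low"
        findings.append({"dir": os.path.relpath(dirpath, root), "score": score,
                         "encrypted": len(enc), "ransom_note": note})
    rank = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: (rank[f["score"]], f["dir"]))

def scan_sample():
    """Run the scan over constructed sample data: empty files in a temp dir."""
    layout = {
        "DCIM/Camera": ["IMG_0001.jpg.enc", "IMG_0002.jpg.enc", "readme_now.txt"],
        "Download": ["invoice.pdf.enc", "setup.apk"],
        "Music": ["track01.mp3"],
        "Backups": ["wallet.db.enc"],
    }
    with tempfile.TemporaryDirectory() as tmp:
        for folder, files in layout.items():
            target = Path(tmp, folder)
            target.mkdir(parents=True)
            for name in files:
                (target / name).touch()
        return scan_storage(tmp)

if __name__ == "__main__":
    for finding in scan_sample():
        print(finding)
```

Point `scan_storage` at a directory holding a copy of the device's shared storage, not at the live device, so the triage does not alter evidence.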

The central agency suggested several dos and don’ts to avoid being attacked by such viruses and malware. CERT-In advised against browsing “untrusted websites” or clicking on “untrusted links”. It said one must be careful when clicking on any link in unsolicited emails and text messages. It suggested installing and maintaining up-to-date anti-virus and anti-spyware software.

It also suggested that users should be on the lookout for “suspicious numbers” that don’t look like “real cell phone numbers,” as scammers often hide their identities using email-to-text services to avoid revealing their real phone number.

“Initial text messages from banks usually include the sender’s ID (consisting of the bank’s short name) instead of the phone number in the sender’s data field,” it added.

It also asked users to be careful with shortened URLs (Uniform Resource Locators), such as links containing “bitly” and “tinyurl” hyperlinks, for example “http://bit.ly/”, “nbit.ly” and “tinyurl.com/”. Users are advised to hover over shortened URLs to see the full domain name of the website they are visiting, or to use a URL checker, which allows the user to type in a short URL and view the full URL, as suggested in the advisory.
