A new Android malware, called DogeRAT, has been found targeting organizations across multiple industries, including banking, gaming, and entertainment. In addition to remote access, this open-source malware acts as a keylogger and can copy content from the clipboard.
About the campaign
CloudSEK researchers disclosed that the DogeRAT campaign is targeting Android users in India. They expect that it can extend its reach to global targets.
- Attackers have created thousands of fake applications, masquerading as popular apps and services, such as Netflix Premium, YouTube Premium, Instagram Pro, Opera Mini browser, and ChatGPT.
- These malicious apps are distributed across social network platforms.
- When installed, these fake apps obtain the appropriate permissions to gain unauthorized access to sensitive data, including banking credentials, contacts, and messages.
- The malware further allows the attacker to perform additional actions, such as conducting unauthorized bank transactions, sending spam emails, and taking pictures using the device camera.
Being promoted as a MaaS
The developers of DogeRAT are suspected to be from India. They are promoting this Java-based RAT as a MaaS offering via two Telegram channels.
- The open-source version of the malware is hosted on a GitHub repository. It comes with a list of all the capabilities and a video tutorial on how to use various features.
- The authors are further promoting a premium version of DogeRAT. This version is more persistent, has better connectivity with its C2, and is equipped with additional capabilities. These include a keylogger, the ability to steal images from the gallery and steal data from the clipboard.
The bottom line
The wide range of capabilities of DogeRAT exemplifies the rapid evolution of the MaaS business, where malware developers are increasingly focusing on multi-utility malware. To reduce the risks, organizations are advised to adopt a comprehensive cyber strategy and follow good cyber hygiene in routine activities.