This dangerous malware spoofs top Android apps to infect your device - here's how to stay safe

Google Android figure standing on laptop keyboard with code in background
(Image credit: Shutterstock / quietbits)

Experts have warned of a new dangerous Android malware spoofing legitimate apps as it tries to steal sensitive information from victim endpoints, researchers are saying.

Cybersecurity researchers from CloudSEK uncovered a variant known as DogeRAT (Remote Access Trojan). The malware has all sorts of capabilities, from accessing contacts and messages to exfiltrating banking credentials. It can also take over the compromised device, send spam, make payments, tweak files, and even use the device’s camera.

In order to infect the target, the malware pretends to be a legitimate app, such as a game, a productivity tool, or an entertainment app such as Netflix, or YouTube. Threat actors are advertising it through social media and messaging platforms, as such an .APK can’t be found on the Google Play Store.

Premium version

The malware’s creators are advertising the tool via Telegram, the researchers further stated, adding that the developers are offering a premium version that can also grab screenshots, steal images, work as a keylogger, and more. It’s being sold for roughly $30, or 2,500 Indian Rupees. Besides the Telegram channel, the authors have also set up a GitHub page with the malware, a detailed explanation, and a video tutorial.

We don’t know how many devices are infected, but we do know that the malware won’t work without the user giving it extensive permissions. Those include access to call logs, audio recording, reading SMS messages, media, and photos. 

To stay safe, CloudSEK reminds, users should always be mindful about the applications they’re downloading, and just because something’s on the Play Store, doesn’t necessarily mean it’s clean and legitimate. Threat actors often manage to infiltrate Google’s app repository, and sometimes add to the malware’s legitimacy through inflated scores and purchased fake reviews. Furthermore, one should be extra careful when downloading an .apk from a third-party source.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.