Daam Malware Strikes Android Devices: In a recent advisory, India’s national cybersecurity organisation, CERT-IN, issued a warning about a dangerous Android malware dubbed “Daam” that poses a significant threat to the security of user data. This malware is able to circumvent antivirus software, pilfer sensitive data, and even install ransomware on compromised machines.
The Danger of Daam Malware: Understanding the Dangers and Consequences
Once inside a device, the Daam malware can access and retrieve a vast array of sensitive data, including browsing history, call records, contact information, camera content, SMS messages, and files. It circumvents security measures, making it difficult to detect and eliminate. The compromised device’s contents are then encrypted using AES encryption, leaving behind “.enc” files and a ransom note named “readme_now.txt.”
Daam Malware Strikes Android Devices
CERT-IN has provided crucial best practices and recommendations for defending Android devices against the Daam malware and comparable threats:
- Limit Download Sources: Minimise the risk of downloading potentially malicious apps by sticking to official app stores, such as the manufacturers or operating system’s.
- Before downloading an app, even from reputable sources such as the Google Play Store, carefully examine its specifics, including user reviews, number of downloads, remarks, and additional information.
- Pay close attention to the permissions requested by apps, and only grant those that are essential and pertinent to the app’s intended functionality. Avoid granting permissions that are unnecessary and may compromise privacy.
- Avoid Side-loaded Applications: Refrain from installing applications from unofficial or untrusted sources. Install applications from only reputable and reliable sources.
- Maintain Your Device’s Updates: Install vendor-supplied updates and upgrades on a regular basis, as they frequently include crucial security enhancements.
- Internet Caution: Avoid visiting unreliable websites and acting on dubious links. Be especially cautious when clicking on links in unsolicited emails or SMS messages, as they may lead to pernicious downloads or websites.
- Utilise Antivirus Software: Install and update antivirus and antispyware software to detect and prevent malware infections on your device.
- Verify SMS Sender Information: Be on the lookout for numbers that do not resemble legitimate mobile phone numbers but appear dubious. Authentic SMS messages from institutions frequently include sender IDs instead of phone numbers.
- Conduct Extensive Research Prior to Acting Links: Before acting on any links, particularly those in messages, conduct extensive research. Utilise websites that permit phone number searches to confirm the legitimacy of phone numbers and identify potential frauds.
- Verify URLs: Click only on URLs that plainly display the website’s domain. Use search engines to locate the organization’s official website if you have any doubts about its legitimacy.
A Few More Practises Include
- Check Encryption Certificates: Verify the presence of valid encryption certificates by searching for the lock icon in the address bar of the browser. Before disclosing sensitive information online, confirm that the appropriate security precautions have been taken.
- Report Suspicious Activity: Immediately report any suspicious account activity to the respective bank or service provider, along with all pertinent information so that appropriate action can be taken.
- By adhering to these best practices and guidelines, users can substantially reduce their susceptibility to the Daam malware and other threats. To secure personal data and maintain online security, it is essential to remain vigilant and prioritise the protection of devices.
