DogeRAT Malware

During an investigation into a deceptive SMS-collector campaign, cybersecurity researchers discovered a new open-source Android malware named DogeRAT (Remote Access Trojan). This malicious software is designed to target a wide customer base across various industries, with a particular focus on the Banking and Entertainment sectors. While the primary targets of this campaign were users in India, its scope extends globally. The operators distribute the malware through social media platforms and messaging applications, disguising it as a legitimate application. Details about the DogeRAT mobile threat and its attack campaign were revealed by the infosec experts.

Threat Actors can Use DogeRAT to Take Over the Device and Take Away Sensitive Information

After being installed on a device, the malware issues a series of permission requests, including access to call logs, audio recordings, SMS messages, media files and photos. The malware abuses these permissions to manipulate the device and carry out various harmful activities without the user's knowledge or consent. Such activities include sending spam messages, making unauthorized payment transactions, modifying files without authorization, and discreetly capturing photos using the device's camera.

DogeRAT is Java-based and operates through server-side code developed in NodeJs, which handles communication between the malware and the Telegram Bot of the attack operation. Additionally, the malware uses a WebView to display the URL of the targeted entity, camouflaging its malicious intent and making it appear more authentic to users.

DogeRAT is Offered for Sale via Telegram Channels

The creators of DogeRAT have taken an active role in promoting their malware through two Telegram Channels. In addition to the standard version, the author offers a premium version of the mobile threat that boasts advanced functionalities. This upgraded version includes features such as capturing screenshots, collecting images from the device's gallery, functioning as a keylogger to record keystrokes, extracting clipboard information, and introducing a new file manager. Furthermore, the premium version emphasizes enhanced persistence and establishes smoother bot connections with the infected device.

To further support the distribution and usage of DogeRAT, the author has set up a GitHub repository. This repository serves as a hosting platform for the RAT and provides additional resources, such as a video tutorial. The repository also presents a comprehensive list of features and capabilities that are offered by DogeRAT, further highlighting its threatening potential.

DogeRAT is another example showing that financial motivation is the main reason fraudsters continually evolve their tactics. As a result, the infection vectors abused by cybercriminal groups have extended beyond creating phishing websites: they now also distribute modified Remote Access Trojans (RATs) or repurpose existing malicious applications. With these low-cost and easily deployable scam campaigns, fraudsters can achieve substantial returns on their illicit activities.

