This dangerous malware spoofs top Android apps to infect your device - here’s how to stay safe

Don’t download the YouTube Android app from a third-party source

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Experts have warned of a new dangerous Androidmalwarespoofing legitimate apps as it tries to steal sensitive information from victim endpoints, researchers are saying.

Cybersecurity researchers from CloudSEK uncovered a variant known as DogeRAT (Remote Access Trojan). The malware has all sorts of capabilities, from accessing contacts and messages to exfiltrating banking credentials. It can also take over the compromised device, send spam, make payments, tweak files, and even use the device’s camera.

In order to infect the target, the malware pretends to be a legitimate app, such as a game, a productivity tool, or an entertainment app such as Netflix, orYouTube. Threat actors are advertising it through social media and messaging platforms, as such an .APK can’t be found on theGoogle Play Store.

Premium version

The malware’s creators are advertising the tool via Telegram, the researchers further stated, adding that the developers are offering a premium version that can also grab screenshots, steal images, work as a keylogger, and more. It’s being sold for roughly $30, or 2,500 Indian Rupees. Besides the Telegram channel, the authors have also set up a GitHub page with the malware, a detailed explanation, and a video tutorial.

Over 50 Chinese apps banned in fresh crackdown by the Indian government>Windows 11 now has much better protection against brute-force attacks>These are the best ID theft protection tools right now

We don’t know how many devices are infected, but we do know that the malware won’t work without the user giving it extensive permissions. Those include access to call logs, audio recording, reading SMS messages, media, and photos.

To stay safe, CloudSEK reminds, users should always be mindful about the applications they’re downloading, and just because something’s on the Play Store, doesn’t necessarily mean it’s clean and legitimate. Threat actors often manage to infiltrate Google’s app repository, and sometimes add to the malware’s legitimacy through inflated scores and purchased fake reviews. Furthermore, one should be extra careful when downloading an .apk from a third-party source.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

TP-Link Archer BE3600 Wi-Fi 7 Router review

Ulefone Armor Pad 3 Pro rugged tablet review

England vs Australia live stream: how to watch 2024 rugby union Autumn International online from anywhere