Govt issues advisory on “Daam” Android malware that steals call records, reads history

Android Malware

CERT-IN, India’s national cybersecurity organization, has issued an advisory about a deadly Android malware known as “Daam.” This malware steals confidential data, bypasses antivirus software, and even installs ransomware on targeted systems.

After entering a device, the Daam malware bypasses security measures and takes sensitive data. It has the ability to read browsing history, stop background processes, access call logs, hack call records, contacts, camera, change passwords, steal SMS messages, and download/upload files.

The attacker’s server obtains all stolen data from the victim’s device. Daam additionally encrypts device contents with AES, leaving only “.enc” files and a ransom note called “readme_now.txt.”

Here’s how you can safeguard your Android device from Daam Malware

To safeguard your Android device from the Daam malware and similar threats, CERT-IN has provided several best practices and recommendations:

  • Limit Download Sources: Reduce the risk of downloading potentially harmful apps by limiting your download sources to official app stores, such as your device’s manufacturer or operating system app store.
  • Review App Details: Prior to downloading/installing apps, even from the Google Play Store, always review the app details, including the number of downloads, user reviews, comments, and the “ADDITIONAL INFORMATION” section.
  • Verify App Permissions: Pay attention to the app permissions and grant only those that have relevant context for the app’s purpose. Avoid granting unnecessary permissions that may compromise your privacy.
  • Avoid Side-loaded Apps: Do not check the “Untrusted Sources” checkbox to install sideloaded apps. Stick to official and trusted sources for app installations.
  • Keep Your Device Updated: Install Android updates and patches as soon as they become available from your device’s vendor. Updates often include important security enhancements.
  • Exercise Caution Online: Avoid browsing untrusted websites or following untrusted links. Be cautious when clicking on links provided in unsolicited emails and SMS messages, as they may lead to malicious websites or initiate malware downloads.
  • Use Antivirus Software: Install and regularly update antivirus and antispyware software on your device. This helps detect and prevent malware infections.
  • Verify SMS Sender Information: Look for suspicious numbers that don’t resemble genuine mobile phone numbers. Genuine SMS messages from banks typically contain sender IDs (consisting of the bank’s short name) instead of phone numbers.
  • Research Before Clicking Links: Before clicking on a link provided in a message, perform extensive research. Websites allowing phone number searches can help determine the legitimacy of a number or identify potential scams.
  • Verify URLs: Only click on URLs that clearly indicate the website domain. If in doubt, use search engines to directly search for the organization’s website to ensure legitimacy.
  • Utilize Safe Browsing Tools: Consider using safe browsing tools and filtering services provided by antivirus, firewall, and content-based filtering software.
  • Exercise Caution with Shortened URLs: Be cautious with shortened URLs, such as those using or tinyurl. Hover your cursor over the link (if possible) to see the full website domain or use a URL checker to verify its destination.
  • Check Encryption Certificates: Look for valid encryption certificates by checking for the green lock in the browser’s address bar. Ensure the presence of proper security measures before providing any sensitive information online.
  • Report Suspicious Activity: If you notice any unusual activity in your account, report it immediately to the respective bank or service provider with relevant details to take appropriate actions.

You can greatly reduce your chances of being a victim of the Daam malware or related threats by adopting these guidelines and best practices. Maintain vigilance and make protecting your device a top priority to keep your data and identity safe.