DogeRAT: The Malware Behind That Strange App Notification

The Hackers Meetup
Nov 11, 2024

Earlier today, I was watching some video on YouTube when all of a sudden the app crashed right in the middle of the playback. I thought it was some minor issue or maybe an update issue but then when YouTube stayed closed for another 10 minutes I started getting suspicious. Just about the time I was going to restart my phone, a message popped up saying “High risk malware detected: base-2.apk.” A little research later and I found my device might have been compromised by something called DogeRAT which had possibly been hiding in some innocuous app download.

In this blog, I’ll break down everything you need to know about DogeRAT, how it operates, and — most importantly — how you can protect yourself from it.

What is DogeRAT?

DogeRAT (Remote Access Trojan) is malware through which cybercriminals gain unauthorized control over a victim’s device. Android smartphones are usually the targets of such malware. Once installed, the malware can be used to access personal data, control functionalities of the device, and even turn the infected device into a bot for other cyber activities. Despite the lighthearted reference to the Dogecoin meme in its name, there is nothing humorous about DogeRAT once you understand the magnitude of its capabilities.

This type of malware seems innocuous at the outset: it is often hidden within legitimate applications or free downloads, which makes it hard to identify. The alert “base-2.apk” that I received turned out to be a typical name for DogeRAT’s payload file, which silently stays on devices until activated.

How DogeRAT Spreads

DogeRAT typically spreads through:

  1. Malicious app downloads: Usually found in unofficial app stores or on websites that offer “free” versions of popular apps. Many users unknowingly install it with other apps.
  2. Links in phishing messages: Attackers often send messages or emails with links to harmful APK files, deceiving users into installing the malware.
  3. Bundling with other applications: DogeRAT is often bundled with seemingly legitimate applications that solicit unnecessary permissions, which lets it run in the background.

Capabilities of DogeRAT

Once DogeRAT infects your device, it can perform several functions, such as:

  • Remote commands: The attacker can control the device remotely, issuing commands to carry out further malicious activities.
  • Recording audio and video: DogeRAT can access the camera and the microphone and can thus spy on the user without their knowledge.
  • Injecting ads: Some variants of DogeRAT inject ads into the victim’s device to make money for the attacker.
  • Controlling device functions: It can control functions such as calling, texting or even factory-resetting the device.

How Did DogeRAT Go Undetected?

Many users might wonder how something like this goes undetected. DogeRAT usually hides inside some legitimate-looking application and bypasses most of the casual checks. In my case, it could have slipped in through some recent download or file, installed itself as a background process, and sat silent till it was triggered.

What Measures Should You Take in Order Not to Become a Victim of DogeRAT?

Understandably, I felt compelled to take measures aimed at protecting my gadget from such attacks in the future. Below are several basic tips for anyone wishing to protect their mobile devices:

  1. Install Only Apps Available on the Official Store: Use vetted application marketplaces like Google Play, which has plenty of checks to avoid malware installation.
  2. Avoid “Free” or “Hacked” Versions of Applications: If a dubious website offers a paid app for free and the deal sounds amazing, there is probably a catch, and in this case the catch is malware.
  3. Assess the Permissions Requested by the App: Be careful about which permissions you grant. For example, why does a normal game need access to your messages and camera?
  4. Get Anti-Virus Protection for Your Smartphone: Many reputable mobile antivirus applications offer protection against threats such as DogeRAT and will notify you if any threats are detected.
  5. Activate the Play Protect Feature: This feature scans your device for harmful applications on a regular basis. Make sure it is activated for an additional layer of safety.
  6. Keep Your Device Up to Date: Regular updates of Android devices usually come with fixes for common vulnerabilities. Ensuring your device is up to date is a major step in your protection.
  7. Act Swiftly When a Threat Appears: If you see a warning like the one I received, or a similar one, or are asked to install an unknown APK file, do not hesitate to remove the file and clear all caches of the application or browser used.
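
Tip 3 can be checked before an APK is ever installed. The following is an added example, not part of the original post: it parses the text printed by `aapt dump permissions <file.apk>` and reports requested permissions that line up with the DogeRAT capabilities listed earlier (recording, calling, texting). The package name and sample output are constructed, and the grouping of permissions by capability is an assumption of this example.

```python
import re

# Android permissions grouped by the capability from the list above they enable.
# The grouping is an assumption of this example, not taken from the post.
CAPABILITY_PERMISSIONS = {
    "record audio/video": {"android.permission.CAMERA",
                           "android.permission.RECORD_AUDIO"},
    "calling": {"android.permission.CALL_PHONE",
                "android.permission.READ_CALL_LOG"},
    "texting": {"android.permission.READ_SMS",
                "android.permission.SEND_SMS",
                "android.permission.RECEIVE_SMS"},
}

# Accepts both aapt output styles:
#   uses-permission: name='android.permission.CAMERA'
#   uses-permission: android.permission.CAMERA
_PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")

def parse_permissions(aapt_output):
    """Return the set of permission names found in `aapt dump permissions` text."""
    perms = set()
    for line in aapt_output.splitlines():
        m = _PERM_RE.match(line.strip())
        if m:
            perms.add(m.group(1))
    return perms

def audit(aapt_output, expected_capabilities=()):
    """Return {capability: [permissions]} for capabilities the app has no stated need for."""
    perms = parse_permissions(aapt_output)
    findings = {}
    for capability, needed in CAPABILITY_PERMISSIONS.items():
        hit = sorted(perms & needed)
        if hit and capability not in expected_capabilities:
            findings[capability] = hit
    return findings

# Constructed sample: a simple game that asks for messages, camera and more.
SAMPLE = """\
package: com.example.puzzlegame
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.READ_SMS'
uses-permission: android.permission.CALL_PHONE
"""

if __name__ == "__main__":
    for capability, hit in audit(SAMPLE).items():
        print(f"unexpected {capability}: {', '.join(hit)}")
```

Pass `expected_capabilities` for what the app legitimately does (for example `("record audio/video",)` for a camera app) so that only the unexplained requests are reported.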

Conclusion

DogeRAT is a clear illustration of how quickly a device can be infected with malware during an everyday task such as downloading a file or an application. After a notification concerning base-2.apk came to me, I understood why it is essential to be extra careful when downloading files and about what applications we put on our devices.

Reference for more detailed study: https://www.cloudsek.com/blog/dogerat-the-android-malware-campaign-targeting-users-across-multiple-industries

Written By: Bikram Sadhukhan
