The malware is distributed via social media and messaging platforms under the guise of legitimate applications like Opera Mini, OpenAI ChatGOT, and Premium versions of YouTube, Netflix, and Instagram.
"Once installed on a victim's device, the malware gains unauthorized access to sensitive data, including contacts, messages, and banking credentials," cybersecurity firm CloudSEK
said in a Monday report.
"It can also take control of the infected device, enabling malicious actions such as sending spam messages, making unauthorized payments, modifying files, and even remotely capturing photos through the device's cameras."
DogeRAT, like many other malware-as-a-service (MaaS) offerings, is promoted by its India-based developer through a Telegram channel that has more than 2,100 subscribers since it was created on June 9, 2022.
In a further attempt to make it more accessible to other criminal actors, the free version of DogeRAT has been made available on GitHub, alongside screenshots and video tutorials showcasing its functions.
