New cyber threat DramaRAT spreads on Android devices
Translated from Russian, summarized and contextualized by DistantNews.
At a glance
- A new cyber threat named DramaRAT is spreading on Android devices, disguised as popular services and documents.
- The malware, distributed via messengers, SMS, and email, can steal sensitive data, control banking apps, and lock devices.
- Users are advised to avoid suspicious files, download apps only from official stores, and verify requested permissions.
A new malicious program called DramaRAT is actively spreading across Android devices, posing a significant cybersecurity risk. The malware disguises itself as legitimate applications, popular services, and important documents to trick users into installation.
According to Kazakhstan's Prosecutor General's Office, DramaRAT is distributed through various communication channels, including instant messengers, SMS messages, and emails. Attackers use enticing lures such as offering free access to ChatGPT, music streaming services, VPN applications, or Minecraft modifications. They also send files with convincing titles like "Declaration" or "Invoice."
Once installed, the application prompts the user to perform an update. During this phase, the core malicious component is downloaded in the background. Subsequently, the user is asked to grant Android's Accessibility Service permissions. With these elevated privileges, DramaRAT gains extensive control over the device. It can read screen information, intercept logins and passwords, mimic user actions, control banking applications, access confidential data, and even set PIN codes to lock the device.
To mitigate the risk of infection, security experts recommend several precautions. Users should refrain from installing suspicious files received via messengers, SMS, or email. It is crucial to download applications exclusively from official app stores like Google Play. Furthermore, users should be wary of offers for free access to paid services and of unsolicited updates. Always carefully review the permissions requested by any application before granting access, and ensure that security software is up to date and the operating system is regularly patched.
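The infection chain above ends with an app from outside the official store holding an enabled Accessibility Service. The following Python script is an added example, not part of the original report: it cross-checks the output of `adb shell settings get secure enabled_accessibility_services` against `adb shell pm list packages -i -3` and lists user-installed apps that hold an accessibility service but were not installed by a trusted store. The package names, the sample data and the trusted-installer set are constructed assumptions.

```python
import re

# Assumption: only Google Play counts as trusted; add your MDM or vendor store.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -i -3` output."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def accessibility_packages(setting_value):
    """Package names from the colon-separated enabled_accessibility_services value."""
    value = setting_value.strip()
    if value in ("", "null"):
        return set()
    # Each entry is a component name: <package>/<service class>
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def flag_sideloaded_accessibility(setting_value, pm_output, trusted=TRUSTED_INSTALLERS):
    """Third-party apps with an enabled accessibility service and an untrusted installer."""
    installers = parse_installers(pm_output)
    hits = [(pkg, installers[pkg])
            for pkg in accessibility_packages(setting_value)
            if pkg in installers and installers[pkg] not in trusted]
    return sorted(hits, key=lambda hit: hit[0])

# Constructed sample data (hypothetical package names, not real indicators).
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService"
    ":com.example.passwordmgr/.AutofillService"
    ":com.example.freegpt/com.example.freegpt.HelperService"
)
SAMPLE_PM = """\
package:com.example.freegpt  installer=null
package:com.example.passwordmgr  installer=com.android.vending
package:com.example.notes  installer=null
"""

if __name__ == "__main__":
    for pkg, installer in flag_sideloaded_accessibility(SAMPLE_SETTING, SAMPLE_PM):
        print(f"review: {pkg} has an accessibility service, installer={installer}")
```

Preinstalled system services such as TalkBack are skipped because `-3` lists only third-party packages; a flagged entry is a prompt for review, not proof of infection.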
Originally published by 24.kg in Russian. Translated, summarized, and contextualized by our editorial team with added local perspective.