New Android Malware 'Daam' Discovered: Steals Sensitive Information and Spreads Ransomware

The IT industry has been battling cyber attacks and malware for a long time. However, with the advancement of technology, cybercriminals have become more sophisticated in creating malicious software. This has led to an increase in cyber attacks and data breaches, posing a significant threat to individuals and organizations worldwide.

Recently, CloudSEK's Threat Intelligence Research Team discovered a new strain of Android malware known as "Daam" that poses a severe threat to users' data security. Daam spreads through various Android APK files, which serve as a possible source of infection. Once installed on a device, Daam attempts to evade security checks and gain sensitive permissions, such as audio recording, call log access, and reading browsing history bookmarks.

The malware can also record all active calls, including mobile and VoIP calls, and transmit the recordings to a command and control server. Additionally, Daam can collect contacts from the victim's phone and encrypt data using AES algorithms located in the root directory and SD card. It drops a ransom note in the form of a "readme_now.txt" file and erases all other files from local storage, except for the encrypted files.

The researchers found that Daam spreads through third-party websites, and it currently uses three programs to infect devices, namely Currency Pro, Boulders, and Psiphon Client for Android and Windows. Currency Pro is a money converter app, while Boulders is a smartphone game. Psiphon Client for Android and Windows is a circumvention tool that can bypass paywalls and restricted content.


To protect themselves from Daam and other similar malware, users are advised to download software only from trusted sources and to read reviews before installation. It is also critical to keep antivirus software up to date and exercise caution when granting application permissions.

In conclusion, Daam is a highly dangerous Android malware that can steal confidential data, record phone calls, and spread ransomware. Users must remain vigilant when downloading and installing apps and only download software from reputable sources. They should also keep their antivirus software up to date and carefully consider the permissions they grant to applications. By taking these precautions, users can safeguard their devices and data from this type of cyber attack.

Read next: Google Dives Down Deep Into Explaining Why Its Authenticator Isn’t E2E Encrypted Amid Concerns
Previous Post Next Post