
Android Malware Daam Has Data Theft & Ransomware Capabilities: CERT-In Issues Advisory
- Written by Shipra Sanganeria, Cybersecurity & Tech Writer
Last week, India’s national cybersecurity agency, CERT-In, released an advisory on the newly discovered malware ‘Daam’. The threat can bypass antivirus software, steal sensitive data, and deploy ransomware on victims’ devices. The advisory was issued for Android phone users, and the malware is said to affect even the best-known brands.
The malware was first identified in April 2023 by researchers at the Singapore-based cybersecurity company CloudSEK. “The malware was found to be communicating with various Android APK files, likely indicating the source of infection,” noted CloudSEK. The team also named three applications associated with the malicious APK file:
- Psiphon Client for Android and Windows: a free VPN
- Boulders: a mobile game
- Currency Pro: a currency converter
The trojanized apps are offered free on various unauthorized third-party websites. Once installed, the malware uses several techniques to access private data, such as recording phone and VoIP calls, including calls made through encrypted services like Hike and WhatsApp.
Daam can bypass security controls to steal files from the phone, including current and old contacts, Google account names, financial information, SMS messages and browser bookmarks. It can also upload and download files, take over the camera, capture screenshots, and lock the phone by obtaining the device password or PIN. The stolen data is then transmitted to C2 servers managed by the threat actor.
To encrypt files on the victim’s device, the malware is said to use “AES algorithms present in the root directory and SD card.” Once encryption is complete, it leaves behind “.enc” files and a “readme_now.txt” file, which is believed to be a ransom note.
As Daam can bypass antivirus programs, CloudSEK and CERT-In have suggested a few measures users can take to protect their devices: download apps only from legitimate sources, check app reviews, use a strong antivirus, check URLs, and verify app permissions.
By following these practices, users can safeguard not only against Daam but also against other ransomware gangs that use phishing, identity theft and data theft to coerce their victims.

Zyxel Releases Patches for Critical Flaws in Firewall & VPN Devices
- Written by Shipra Sanganeria, Cybersecurity & Tech Writer
Zyxel Networks announced the release of updates for two critical security vulnerabilities affecting its firewall and VPN products. The two flaws could give threat actors admin-level access to vulnerable devices.
Zyxel’s security advisory notes that both flaws (CVE-2023-33009 and CVE-2023-33010) are buffer overflow vulnerabilities and have been rated 9.8 out of 10 under CVSS (the Common Vulnerability Scoring System, which provides a qualitative measure of a vulnerability’s severity).
A buffer overflow occurs when a program writes more data into a fixed-size memory buffer than it can hold, so the excess spills into adjacent memory. An attacker who controls that input can overwrite an application’s data and change its execution path, gaining remote control of the affected device and unauthorized access to private data. Such attacks commonly cause network interruptions and system crashes, and can also leave processes running indefinitely.
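To make the overflow mechanism concrete, here is an added C example (not code from Zyxel or from the advisory; the `notification` struct, its fields and the 16-byte limit are assumed purely for illustration and have nothing to do with Zyxel’s actual code). It places a fixed-size buffer directly before a control flag, shows the unbounded copy pattern that causes the problem, and beside it the bounded version that rejects any input which would not fit.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* assumed buffer size for the example */

/* A record whose fixed-size buffer is followed by a control field. If a copy
 * into name[] runs past NAME_LEN bytes, the surplus lands in is_admin, which is
 * how an overflow turns a plain memory write into a change of execution path. */
struct notification {
    char name[NAME_LEN];
    int  is_admin;
};

/* Vulnerable pattern: strcpy trusts the input length. Kept only for contrast;
 * it is never called with oversized input in this file, because that would be
 * undefined behaviour. */
static void set_name_unbounded(struct notification *n, const char *input) {
    strcpy(n->name, input);
}

/* Hardened pattern: never read or write more than NAME_LEN bytes, and reject
 * input that leaves no room for the terminating NUL. Returns 0 or -1. */
static int set_name_bounded(struct notification *n, const char *input) {
    const char *nul = memchr(input, '\0', NAME_LEN);   /* look no further than NAME_LEN */
    if (nul == NULL) {
        return -1;          /* input is NAME_LEN bytes or longer: would overflow, reject */
    }
    size_t len = (size_t)(nul - input);
    memcpy(n->name, input, len + 1);                     /* copy including the terminator */
    return 0;
}

/* Convenience check: 1 if the hardened setter accepts the input and leaves the
 * control field untouched, 0 if the input was rejected. */
static int accepts_name(const char *input) {
    struct notification n = { {0}, 0 };
    if (set_name_bounded(&n, input) != 0) return 0;
    return n.is_admin == 0 && strcmp(n.name, input) == 0;
}

int main(void) {
    /* Constructed sample inputs: two that fit and one that would overflow. */
    const char *samples[] = {
        "fw-alert",
        "exactly15chars!",
        "this-input-is-far-too-long-for-the-buffer",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%-45s -> %s\n", samples[i],
               accepts_name(samples[i]) ? "accepted" : "rejected (would overflow)");
    }
    struct notification n = { {0}, 0 };
    set_name_unbounded(&n, "short");   /* safe only because this input fits */
    printf("unbounded copy of a short value: %s\n", n.name);
    return 0;
}
```

The bounded version uses `memchr` with an explicit limit so that neither the scan nor the copy can touch memory beyond the buffer; a length check followed by `strcpy` would be equivalent, but bounding the read as well as the write is the habit that prevents this class of bug.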
The two issues cited by Zyxel are:
- CVE-2023-33009 – In some products, a buffer overflow vulnerability in the notification function could allow an unauthenticated attacker to cause a denial-of-service (DoS) condition and remote code execution.
- CVE-2023-33010 – In some product versions, a buffer overflow vulnerability in the ID processing function could allow an unauthenticated attacker to cause a denial-of-service (DoS) condition and remote code execution.
After investigation, Zyxel listed the following affected firewall series and firmware versions:
- ATP Versions ZLD V4.32 to V5.36 Patch 1 (repaired in ZLD V5.36 Patch 2)
- USG FLEX Versions ZLD V4.50 to V5.36 Patch 1 (repaired in ZLD V5.36 Patch 2)
- USG FLEX50(W) / USG20(W)-VPN Versions ZLD V4.25 to V5.36 Patch 1 (repaired in ZLD V5.36 Patch 2)
- VPN Versions ZLD V4.30 to V5.36 Patch 1 (repaired in ZLD V5.36 Patch 2)
- ZyWALL/USG Versions ZLD V4.25 to V4.73 Patch 1 (repaired in ZLD V4.73 Patch 2)
The company recommends that users install the updated firmware patches to avoid attacks. On its Support Campus, Zyxel has also provided step-by-step instructions for its affected VPN partners.
These products are generally used by small and mid-sized businesses, as well as home and remote workers, to protect their networks. Threat actors are constantly on the lookout for such vulnerabilities, so it is essential that users and system administrators apply these firmware patches as quickly as possible.
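An administrator with several Zyxel devices needs a quick way to tell which ones still run an affected firmware. The C program below is an added example (not a Zyxel tool, and not code from the advisory): it parses ZLD version strings in the form the advisory uses, encodes the affected ranges listed above, and classifies each device. The inventory lines in `main()` are constructed samples. A release older than a series’ listed range is reported as “not listed” rather than safe, since the advisory says nothing about such versions.

```c
#include <stdio.h>
#include <string.h>

/* One ZLD firmware version: "ZLD V5.36 Patch 1" -> {5, 36, 1}. A release with
 * no "Patch N" suffix is treated as patch level 0. */
struct zld_version {
    int major, minor, patch;
};

/* Parses version strings as written in the advisory. The "ZLD " prefix is
 * optional and "Patch" is matched as spelled there. Returns 0 on success,
 * -1 if the string does not contain a recognisable ZLD version. */
static int parse_zld(const char *s, struct zld_version *v) {
    const char *p = strpbrk(s, "Vv");
    if (p == NULL || sscanf(p + 1, "%d.%d", &v->major, &v->minor) != 2)
        return -1;
    v->patch = 0;
    const char *q = strstr(p, "Patch");
    if (q != NULL && sscanf(q, "Patch %d", &v->patch) != 1)
        return -1;
    return 0;
}

/* Three-level comparison: negative if a < b, zero if equal, positive if a > b. */
static int cmp_zld(struct zld_version a, struct zld_version b) {
    if (a.major != b.major) return a.major - b.major;
    if (a.minor != b.minor) return a.minor - b.minor;
    return a.patch - b.patch;
}

struct affected_range {
    const char *series;
    const char *first_affected;
    const char *last_affected;
};

/* Affected ranges exactly as listed in the advisory summary above; anything
 * later than last_affected is at or beyond the "repaired in" release. */
static const struct affected_range RANGES[] = {
    {"ATP",                        "V4.32", "V5.36 Patch 1"},
    {"USG FLEX",                   "V4.50", "V5.36 Patch 1"},
    {"USG FLEX50(W)/USG20(W)-VPN", "V4.25", "V5.36 Patch 1"},
    {"VPN",                        "V4.30", "V5.36 Patch 1"},
    {"ZyWALL/USG",                 "V4.25", "V4.73 Patch 1"},
};

enum zld_status {
    ZLD_UNKNOWN    = -1,  /* series not in the advisory, or version unparsable */
    ZLD_NOT_LISTED = 0,   /* older than the listed range: advisory is silent on it */
    ZLD_AFFECTED   = 1,   /* inside the affected range: patch needed */
    ZLD_PATCHED    = 2    /* at or beyond the repaired release */
};

/* Classifies a device's running firmware against the advisory's ranges. */
static enum zld_status zld_status(const char *series, const char *running) {
    struct zld_version v, lo, hi;
    if (parse_zld(running, &v) != 0)
        return ZLD_UNKNOWN;
    for (size_t i = 0; i < sizeof RANGES / sizeof RANGES[0]; i++) {
        if (strcmp(RANGES[i].series, series) != 0)
            continue;
        parse_zld(RANGES[i].first_affected, &lo);
        parse_zld(RANGES[i].last_affected, &hi);
        if (cmp_zld(v, lo) < 0) return ZLD_NOT_LISTED;
        if (cmp_zld(v, hi) <= 0) return ZLD_AFFECTED;
        return ZLD_PATCHED;
    }
    return ZLD_UNKNOWN;
}

int main(void) {
    /* Constructed inventory: series and the firmware each device reports. */
    const char *inventory[][2] = {
        {"ATP",        "ZLD V5.36 Patch 1"},
        {"ATP",        "ZLD V5.36 Patch 2"},
        {"ZyWALL/USG", "ZLD V4.73 Patch 1"},
        {"VPN",        "ZLD V4.30"},
        {"ATP",        "ZLD V4.20"},
    };
    static const char *labels[] = {"unknown", "not listed", "AFFECTED - patch now", "patched"};
    for (size_t i = 0; i < sizeof inventory / sizeof inventory[0]; i++) {
        enum zld_status st = zld_status(inventory[i][0], inventory[i][1]);
        printf("%-12s %-20s %s\n", inventory[i][0], inventory[i][1], labels[st + 1]);
    }
    return 0;
}
```

Versions compare as (major, minor, patch) tuples, which matches the advisory’s ordering (V4.32 precedes V4.50, and V5.36 Patch 1 precedes V5.36 Patch 2); a bare “V5.36” sorts before “V5.36 Patch 1” and so is still reported as affected.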