The Indian government has issued a warning about advanced malware targeting Android users via social media and messaging platforms, capable of accessing sensitive data and granting hackers control over infected devices.

The Controller General of Defence Accounts, a department of the Ministry of Defense, released the advisory on the Remote Access Trojan called “DogeRAT”.

“An open-source Remote Access Trojan called DogeRAT has been detected that targets Android users primarily located in India as part of a sophisticated malware campaign. The malware is distributed via social media and messaging platforms under the guise of legitimate applications like Opera Mini, OpenAI ChatGPT and premium versions of YouTube, Netflix and Instagram,” the advisory said on August 24.

“Once installed on a victim’s device, the malware gains unauthorised access to sensitive data including contacts, messages, and banking credentials,” it added.

The advisory further added that the malware can take control of the infected devices, enabling hackers to send spam messages, initiate unauthorised payments, modify files, and even capture photos and keystrokes.

It can also track the user’s location and record audio.

While the source of the threat is unknown, the advisory noted that in a recent incident, a group of cybercriminals used Telegram to distribute fake versions of popular apps such as ChatGPT, Instagram, Opera Mini, and YouTube.

The Defence Ministry has instructed its departments and officials not to download apps from untrusted third-party platforms or click on links from unknown senders. It also advised them to keep their smartphones up to date with the latest software and security patches, as well as install an antivirus app.

In May, researchers from the contextual AI company CloudSEK uncovered the DogeRAT (Remote Access Trojan), targeting users across multiple industries, including banking and entertainment.

Earlier this week, cybersecurity researchers found that the official website of the Ministry of AYUSH in Jharkhand was breached which has exposed over 3.2 lakh patient records on the dark web.