New malware circulating in messaging apps using 'Darez' brand name

A malicious software (malware) is making rounds across several messenger apps using an altered name of popular e-commerce platform Daraz.

With the title "Giving gifts to Darez Supporters - Free Gift for Everyone), a suspicious link is guised under the promise of free gifts for its loyal customers, and is being circulated among messaging apps such as Facebook Messenger, WhatsApp, Viber and others.

Once opened, it enables hackers to penetrate through the device firewall and take confidential user information such as photos, contacts and others, all using a variant name of the brand "Darez" instead of "Daraz."

Khalid Arafat, a WhatsApp user, clicked on the said link on Friday, without crosschecking the brand name or title.

"I thought it came from Daraz. But the link automatically went to my other contacts inbox. Then I realized I just may have given hackers access to my phone," he said.

Users often overlook a spell-check as the hackers only altered the spelling of Daraz, but used similar logo and URL so that no suspicion is raised on the misspelling.

Malware virus is used to disrupt the normal functioning of a computer or mobile phone, collect confidential information, gain unauthorized access to a protected computer network system, or display unwanted advertisements.

It can also operate secretly for the purpose of stealing information or keeping a close eye on the user.

International internet gateway (IIG) operators said that there are more than 3.5 crore WhatsApp users and around 2 crore Viber users in the country.

So far, the malware has only emerged on Messenger, WhatsApp and Viber. The malware can cause any kind of harm by controlling the contact list, IP (Internet Protocol) address, location, picture etc. of the mobile phone, they added.

Sarowar Alam Sikder, president of the IIG Forum, told Dhaka Tribune that this type of link always comes from different hackers to different OTT platforms to steal people’s personal information for blackmailing later.

However, mobile phone users have to be aware of this as there is no cure from it once infected, he also said.

Talking to Daraz Bangladesh authorities, they said that they have already announced on their Facebook page about this malware.

While clicking the link, customers will see that they won an iPhone 12, and will have to follow a few steps to claim their prize.

Jahangir Alam, a Facebook user, went through the process, only to reach a dead end. But soon after, he found that his mobile wallet, which had Tk 200, was found with a zero balance.

If the situation deteriorates with more users falling victim to the phishing scam, then Daraz authorities said they would take legal action against the hacker group responsible for generating the malware.