ESET researchers recently discovered Android apps designed to spy on the users who download them. Six of these apps were found on Google Play, while the remaining ones were found on VirusTotal. Eleven of the apps masquerade as legitimate messaging apps, and one poses as a news app.
These apps run remote access trojan (RAT) code known as VajraSpy and are part of a Patchwork APT campaign. Their main purpose is to spy on users, and what each app can do depends on the permissions granted to it. They can steal contacts, files, call records, and text messages. Certain apps can even access WhatsApp and Signal chats, record phone calls, intercept notifications, and send device locations and the names of installed apps to their command-and-control (C&C) servers. The most troubling capability is taking pictures and recording audio of victims.
The primary targets of these apps are users in Pakistan and India. The apps on Google Play were downloaded 1,400 times.
The cybercriminals behind these apps use a honey-trap or love-trap scam to trick victims into downloading them. They likely found their targets on social media platforms and pretended to show romantic interest to convince them to install the malicious apps.
The apps found on Google Play are:
1. Rafaqat
2. Privee Talk
3. MeetMe
4. Let’s Chat
5. Quick Chat
6. Chit Chat
The apps found on VirusTotal are:
1. YohooTalk
2. TikTalk
3. Hello Chat
4. Nidus
5. GlowChat
6. Wave Chat
These apps appear to offer standard messaging functionality and ask the user to create an account using their phone number. Even if the account creation process isn’t successful, they continue to run in the background.
If you have any of these apps on your phone, it is crucial to delete them to stay safe. If you are lonely or looking to settle down, it is recommended to give the person your mom recommended a shot or let your friends set you up, instead of cozying up to random strangers, particularly those who insist on using a shady messaging app.