Do you have any of these Android apps? Get rid of them ASAP | ENBLE
Security Experts Identify Chat Apps on Google Play Store That Steal Data and Camera Access
_ Image Source: Joe Maring / ENBLE_
Beware of Trojan-Infected Android Apps! Your Privacy is at Stake
The NSO Group raised security alarms this week, and once again, it’s the devastatingly powerful Pegasus malware that was deployed in Jordan to spy on journalists and activists. While that’s a high-profile case that entailed Apple filing a lawsuit against NSO Group, there’s a whole world of seemingly innocuous Android apps that are harvesting sensitive data from an average person’s phone.
The security experts at ESET have spotted at least 12 Android apps, most of which are disguised as chat apps, that actually plant a Trojan on the phone and then steal details such as call logs and messages, remotely gain control of the camera, and even extract chat details from end-to-end encrypted platforms such as WhatsApp. 😱
😨 Which apps are the culprits?
The apps in question are YohooTalk, TikTalk, Privee Talk, MeetMe, Nidus, GlowChat, Let’s Chat, Quick Chat, Rafaqat, Chit Chat, Hello Chat, and Wave Chat. Needless to say, if you have any of these apps installed on your devices, delete them immediately. 🚫💣
Notably, six of these apps were available on the Google Play Store, raising the risk stakes as users flock here, putting their faith in the security protocols put in place by Google. A remote access trojan (RAT) named Vajra Spy is at the center of these app’s espionage activities.
💬 A chat app doing serious damage
“It steals contacts, files, call logs, and SMS messages, but some of its implementations can even extract WhatsApp and Signal messages, record phone calls, and take pictures with the camera,” says the ESET finding report.
Notably, this won’t be the first time that Vajra Spy has raised alarm. In 2022, Broadcom also listed it as a Remote Access Trojan (RAT) variant that leverages Google Cloud Storage to gather data pilfered from Android users. This malware has been linked to the threat group APT-Q-43, which is known to target members of the Pakistani military establishment specifically.
VajraSpy’s apparent objective is to harvest information from the infected device and capture the user’s data, such as text messages, WhatsApp and Signal conversations, and call histories, among other things. These apps, most of which disguised themselves as chat apps, employed romance-aligned social engineering attacks to lure the targets.
This is a recurring theme, especially given the target of the apps. In 2023, Scroll reported on how spies from across the border are using honey traps to lure Indian scientists and military personnel to extract sensitive information using a mix of romance and blackmailing efforts. Even the FBI has issued an alert about digital romance scams, while a White House staffer lost over half a million dollars in one such trap.
_ Image Source: Dall.E-3 / ENBLE_
In the most recent case of VajraSpy deployment, the apps were able to extract contact details, messages, a list of installed apps, call logs, and local files in different formats such as .pdf, .doc, .jpeg, .mp3, and more. Those with advanced functionalities mandated using a phone number, but in doing so, they could also intercept messages on secure platforms such as WhatsApp and Signal.
Aside from logging the text exchange in real-time, these apps could intercept notifications, record phone calls, log keystrokes, take pictures with the camera without the victim knowing about it, and take over the mic to record audio. Once again, the latter is not surprising.
We recently reported on how bad actors are abusing push notifications on phones and selling the data to government agencies, while security experts told ENBLE that the only fool-proof way to stop this is to disable notification access for apps.
🤔 What can we learn from this incident?
This incident serves as a stark reminder of the ever-present dangers lurking in the world of mobile apps. Even seemingly harmless chat apps can turn out to be privacy-invasion tools in disguise. It’s crucial to exercise caution when installing apps and regularly review the permissions granted to them.
📚 Further Reading and Resources
To learn more about mobile app security and protect yourself from such threats, check out these helpful links:
- Stay Protected Online: ESET NOD32 Antivirus Software
- Broadcom: Remote Access Trojans (RATs)
- Scroll: Spies using honey traps
- FBI Alert on Digital Romance Scams
- ENBLE: Abusing Push Notifications on Phones
📣 Spread the Word!
Share this article with your friends and family to raise awareness about the dangers of Trojan-infested Android apps. Together, we can stay vigilant and protect our privacy in the digital age! 🛡️💪
Hey there! Did you find this article informative? Are you aware of the risks associated with Trojan-infected apps? Share your thoughts and experiences in the comments below. Let’s have a chat! 💬😊
And if you enjoyed this article, don’t forget to share it with your friends and followers on social media. Knowledge is power, and by spreading awareness, we can collectively build a safer online environment. Let’s make privacy a top priority! 🚀🔒
