Security Researchers Discover 12 Espionage Apps with Malicious Code on Android
Earlier this month, cybersecurity experts from ESET made a startling discovery: 12 Android apps designed for espionage that all share the same malicious code. The apps have been identified as part of the Patchwork APT group’s targeted espionage efforts. All but one masquerade as innocent messaging tools; the remaining app poses as a news app instead.
The nefarious apps secretly run a remote access trojan (RAT) called VajraSpy, which can be customized to carry out various espionage activities depending on the permissions granted to it. Among its capabilities are the theft of contacts, files, call logs, and SMS messages. Additionally, some of the apps can even extract WhatsApp and Signal messages, record phone calls, and take pictures using the device’s camera.
While initial detections were reported in Malaysia, experts speculate that this is merely incidental and that the primary targets of these apps are actually Android smartphone users in India and Pakistan. It is believed that the operators behind these apps employ a honey-trap romance scam to lure victims into downloading the malicious software. By feigning romantic or sexual interest on another platform, the perpetrators are able to convince individuals to install these trojanized apps.
Among the apps that were found on the official Google Play Store are Hello Chat, Chit Chat, Meet Me, Nidus, Rafaqat News, Tik Talk, Wave Chat, Prive Talk, Glow Glow, Lets Chat, NioNio, Quick Chat, and Yoho Talk.
However, it’s not just the official app store that is affected. Unofficial third-party app stores have also housed similar malicious apps, including Essential Horoscope for Android, 3D Skin Editor for PE Minecraft, Logo Maker Pro, Auto Click Repeater, Count Easy Calorie Calculator, Sound Volume Extender, LetterLink, Numerology: Personal Horoscope & Number Predictions, Step Keeper: Easy Pedometer, Track Your Sleep, Sound Volume Booster, Astrological Navigator: Daily Horoscope & Tarot, and Universal Calculator.
As always, users are reminded to exercise caution when downloading apps and to stick to official app stores whenever possible. It is crucial to remain vigilant and avoid falling victim to such honey-trap scams, especially when engaging in online conversations with strangers.
Analyst comment
The discovery of 12 espionage apps with malicious code on Android is negative news for users. The market for Android smartphones may experience a decline in users’ trust and confidence in app downloads, leading to a decrease in app downloads and a potential loss of revenue for app developers. User caution and adherence to official app stores are recommended.