ESET security researchers have identified twelve malicious Android apps that can hijack your device to play audio recordings in the background, among other dangers. Uninstall them urgently.
A cyberespionage campaign exploited Google Play to distribute six malicious apps. The other six were distributed, and unfortunately installed, by indirect means.
A love scam
To trick users into installing these Trojan-infected email apps VajraSpy, pirates approach victims by promising them a romantic relationship. They get in touch via Facebook Messenger or WhatsApp, before asking them to download another messaging application. These are divided into three groups.
The first is infected apps with standard messaging features that ask for the victim’s contact information, including their phone number. Whether or not the account creation is successful, the Trojan runs in the background. It can thus steal contacts, SMS, call logs, device location, list of installed applications and files with certain extensions.
The second group of apps additionally has the ability to leverage built-in accessibility options to intercept WhatsApp and Signal communications. Conversations can then be spied on and notifications intercepted. One of the applications (Wave Chat) goes even further by recording phone calls, words typed on the keyboard and surrounding sounds by activating the smartphone’s microphone.
Finally, the third group is made up of a single application that does not serve as messaging, but presents news. It still requires a phone number to connect and can intercept contacts and certain files. Here is the list of 12 applications:
- Rafaqat (an Urdu word that means fellowship)
- Private Talk
- Let’s Chat
- Quick Chat
- Chit Cat
- Hello Cha
- Wave Chat
The first six apps, which were available on the Play Store, were downloaded more than 1,400 times, but are no longer available. If any of them are on your device, uninstall them immediately. We obviously invite you to be vigilant when someone asks you to download an application or click on an unknown link.
???? To not miss any news from 01net, follow us on Google News and WhatsApp.