No less than 12 applications have been identified by ESET Research, each accused of spying on its users.
The majority of them posed as chat apps and were installed by victims of romance scams, mainly in Pakistan.
From love to espionage
Oh, love. One of the oldest things in the world, a feeling that everyone has experienced. If it is said in the song that love stories usually end badly, sometimes they don’t have time to start and something is already wrong. Recently, ESET Research published a list of 12 Android apps that spy on you, via a romance scam that was mostly prevalent in Pakistan.
Of the 12 applications pinned, half were available directly on the Play Store, Google’s application store for Android smartphones and tablets. Each was presented as a messaging application, except for one, which took the form of a news application. In all cases, these services secretly executed code from a remote access Trojan, named VajraSpy and apparently used by the Patchwork APT group.
To attract victims, the app developers used targeted romance scams. Victims were contacted on another platform, then invited and convinced to switch to a chat application, which was obviously infected with the spy virus.
No less than 1,400 devices infected by half of the applications
By infecting Android smartphones and tablets, these applications were able to steal contacts, gain access to call logs, SMS messages and even messages on WhatsApp and Signal. That’s not all, since the program could record your phone calls and… take photos directly from Android devices. Enough to send shivers down your spine.
In total, no fewer than 1,400 downloads were counted across the six applications that were available on the Play Store; as for the others, it is impossible to know. The very weak security of one of the applications allowed ESET researchers to access the location of 148 infected devices in Pakistan and India, undoubtedly real people infected by the program.
“ Cybercriminals use social engineering as a powerful weapon. We strongly advise against clicking on links to download an application sent in a chat conversation. It can be difficult to stay safe from false romantic advances, but it pays to always be vigilant “, said Lukáš Štefanko, a researcher at ESET who discovered the spyware and who believes that a booster shot is always good to take.
If you think you may be affected, here is the list of applications to uninstall urgently:
- Private Talk
- MeetMe
- Let’s Chat
- Quick Chat
- Rafaqat
- Chit Cat
- YohooTalk
- TikTok
- Hello Cat
- Nidus
- GlowChat
- Wave Cat.
Source : ESET
2024 is already shaping up to be the year of all dangers in terms of cyber threats. Only the most reliable antivirus security suites are capable of truly effective protection across all platforms. Handpicked, here are the best antiviruses in February 2024.
Read more
A seasoned gamer since my early childhood, I have the Triforce in my skin (literally, on my left arm) and Nintendo in my heart. I am in love with technology of all kinds and I like to talk about it, sometimes a little too much.
Read other articles
5