More Android apps riddled with malware spotted on Google Play

ESET researchers recently discovered a malicious Android remote access trojan (RAT) named VajraSpy. The RAT was hidden within 12 different applications, six of which were available for download on Google Play between April 1, 2021, and September 10, 2023.

These malicious apps, disguised as innocent messaging or news apps, have since been removed from Google Play but can still be accessed through third-party app stores. Once installed, VajraSpy allows cybercriminals to steal personal data, including contacts and messages, and, with the appropriate permissions, to record phone calls.

The campaign behind this malware has been linked to the Patchwork APT group, known for targeting users primarily in Pakistan. Interestingly, the group’s activities were previously exposed when they accidentally infected their own infrastructure with another RAT called ‘Ragnatela,’ providing insight into their operations.

ESET researcher Lukas Stefanko identified the presence of VajraSpy in these 12 malicious apps, with six of them having been downloaded approximately 1,400 times from Google Play. These apps posed as legitimate messaging platforms like “Rafaqat رفاقت” and “Privee Talk.”

Outside of Google Play, these malicious apps adopted names such as “Hello Chat” and “Wave Chat” to lure unsuspecting victims, particularly through romance scams. Most victims were located in Pakistan and India, where they were tricked into installing these fake messaging apps.

VajraSpy functions as both spyware and a RAT, enabling various espionage activities such as data theft, interception of encrypted messages, call recording, and even activation of the device’s camera for surveillance purposes. Its modular design allows it to adapt and evolve based on the permissions granted on the infected device.

ESET advises users to avoid downloading obscure chat apps from unknown sources, as this remains a common tactic used by cybercriminals to compromise devices. While Google Play has implemented stricter policies to detect malware, threat actors continue to find ways to infiltrate the platform, posing risks to millions of users worldwide.
