Malware found in two apps available on Play Store

Cybersecurity firm Cyfirma detected Two apps available in the Google Play Store that come with built-in malware, being able to spy on the user and extract data from the mobile phone. Indian cybercrime group DoNot is behind the malicious campaign, according to a report released Monday (19).

The apps in question are nSure Chat, which offers end-to-end encrypted messaging, and iKhfaa VPN with virtual private networking.. According to experts, both are capable of performing malicious activities in the background once installed on an Android smartphone.

Issues found include access permissions to the device’s location and contact list, requested by the software. In the VPN application, the user is encouraged to enable the real-time location of the device, but if not, the malicious file looks for the last known record.

Read more: Google fixes bug on Android showing active microphone in WhatsApp

All data collected by the spy application is stored locally and then sent to a remote server operated by the group, also known as APT-C-35. The targets of the action, supported by government or military establishments, may be in South Asia – there are reports of attacks in Pakistan, according to the report.

Delete apps now

Malware-infected messaging and VPN apps for Android are still available on the Play Store. They have a low number of downloads so far, which indicates the campaign is being targeted.

However, no matter which country you live in, it is recommended to immediately delete such applications installed on your mobile phone. The programs were developed by SecurITY Industry, which apparently has a third app on its Android store called Device Basic Plus that has nothing to do with cyberattacks.