This week the NSO group raised a security alert, and once again it’s about the devastatingly powerful Pegasus malware. implemented in Jordan spy on journalists and activists. While this is a high-profile case in which Apple sued NSO Group, there is a whole world of seemingly harmless Android apps that collect sensitive data from the average person’s phone.
Company security experts ESET At least 12 applications detected. from android most of which are disguised as chat apps that actually install a Trojan on the phone and then steal data such as call logs and messages, gain remote control of the camera, and even collect chat data from platforms with extreme encryption such as WhatsApp.
The apps in question are YohooTalk, TikTalk, Privee Talk, MeetMe, Nidus, GlowChat, Let’s Chat, Quick Chat, Rafaqat, Chit Chat, Hello Chat and Wave Chat. Needless to say, if you have any of these apps installed on your devices, uninstall them immediately.
Notably, six of these apps were available on the Google Play Store, which increases risks as users flock there trusting the security protocols implemented by Google. A Remote Access Trojan (RAT) called Vajra Spy is at the center of these apps’ spying activities.
A chat app that causes serious damage
“It steals contacts, files, call logs and SMS messages, but some of its implementations can even extract WhatsApp and Signal messages, record phone calls and take photos using the camera,” ESET said in a report on the findings.
Notably, this is not the first time Vajra Spy has raised the alarm. In 2022 Broadcom also included as a variant of a remote access trojan (RAT) that uses Google Cloud Storage to collect stolen data from Android users.
This malware is associated with the APT-Q-43 threat group, which is known to specifically target members of the Pakistani military establishment.
The obvious goal of VajraSpy is to collect information from the infected device and capture user data such as text messages, WhatsApp and Signal conversations, call history and more. These apps, most of which were disguised as chat apps, use romance-focused social engineering attacks to lure victims.
This is a recurring theme, especially given the purpose of the apps. In 2023 Scroll reported how overseas spies are using honey traps to lure Indian scientists and military personnel into obtaining sensitive information through a combination of romance and blackmail. Even FBI issued a warning about digital novel scams, and a White House official Lost over half a million dollars in one of these traps.
In the latest deployment of VajraSpy, the applications were able to extract contact details, messages, list of installed applications, call logs and local files in various formats such as .pdf, .doc, .jpeg, .mp3 and others. . Those with advanced features require the use of a phone number, but can also intercept messages on secure platforms such as WhatsApp and Signal.
In addition to recording real-time text exchanges, these apps can intercept notifications, record phone calls, record keystrokes, take photos with the camera without the victim’s knowledge, and capture the microphone to record audio. Again, the latter is not surprising.
We recently wrote about how bad the actors are. abuse of push notifications on phones and sell data to government agencies, while security experts told Digital Trends the only reliable way to stop it is to disable access to notifications for apps.
Source: Digital Trends
