[ad_1]
Earlier this month, ESET security researchers identified 12 Android spy apps that share the same malicious code. All reported apps claim to be messaging tools, except for one that pretends to be a news app. In the background, these apps secretly run remote access Trojan (RAT) code called VajraSpy, which is used by the Patchwork APT group for targeted espionage.
VajraSpy is said to have a variety of spying features that can be extended based on the permissions granted to apps bundled with the code. Steal contacts, files, call logs, and SMS messages. Some of these apps can also extract WhatsApp and Signal messages, record calls, and even take photos with the camera.
ESET’s telemetry data registered only detections from Malaysia, but the company said they were merely incidental and did not constitute the campaign’s actual targets, which were Android smartphone users in India and Pakistan. That’s what I think. “Victims believed they were approached through a honeytrap romance scam in which campaigners expressed romantic or sexual interest in targets on another platform and persuaded them to download a Trojanized app. “There are,” the report states.
Please also read | Explained: What is a voice clone scam and how to avoid falling victim to it?
Twelve of these apps were in the Google Play Store, while others (including Xamalicious) were in third-party app stores. Google has removed all apps, but if anyone has downloaded any of these apps on their phone, they will need to remove them manually.
The apps available on Google Play are:
* hello chat
*Chat
* Meet Me
*Nidas
*Rafa Cut News
*Tick talk
* Wave chat
*Private talk
*Glow Glow
*Let’s chat
* Nionioni
* Quick chat
* Yahoo Talk
Apps using Xamalicious* Essential horoscope for Android
* 3D skin editor for PE Minecraft
* Logo Maker Pro
* Auto click repeater
*Count easy calorie calculator
* Volume extender
*Letter link
* Numerology: Personal horoscope and number predictions
* Step Keeper: Easy pedometer
* Track your sleep
* Volume booster
* Astrology Navigator: Daily Horoscope and Tarot
* Universal calculator
VajraSpy is said to have a variety of spying features that can be extended based on the permissions granted to apps bundled with the code. Steal contacts, files, call logs, and SMS messages. Some of these apps can also extract WhatsApp and Signal messages, record calls, and even take photos with the camera.
ESET’s telemetry data registered only detections from Malaysia, but the company said they were merely incidental and did not constitute the campaign’s actual targets, which were Android smartphone users in India and Pakistan. That’s what I think. “Victims believed they were approached through a honeytrap romance scam in which campaigners expressed romantic or sexual interest in targets on another platform and persuaded them to download a Trojanized app. “There are,” the report states.
Please also read | Explained: What is a voice clone scam and how to avoid falling victim to it?
Twelve of these apps were in the Google Play Store, while others (including Xamalicious) were in third-party app stores. Google has removed all apps, but if anyone has downloaded any of these apps on their phone, they will need to remove them manually.
The apps available on Google Play are:
* hello chat
*Chat
Expanding
* Meet Me
*Nidas
*Rafa Cut News
*Tick talk
* Wave chat
*Private talk
*Glow Glow
*Let’s chat
* Nionioni
* Quick chat
* Yahoo Talk
Apps using Xamalicious* Essential horoscope for Android
* 3D skin editor for PE Minecraft
* Logo Maker Pro
* Auto click repeater
*Count easy calorie calculator
* Volume extender
*Letter link
* Numerology: Personal horoscope and number predictions
* Step Keeper: Easy pedometer
* Track your sleep
* Volume booster
* Astrology Navigator: Daily Horoscope and Tarot
* Universal calculator
[ad_2]
Source link
