Android users are targeted by social engineering attacks aimed at stealing and even monitoring sensitive data on their smartphones.
According to a report from cybersecurity researchers at ESET, 12 Android apps were recently discovered carrying malicious code and loaded with malware used in this campaign.
ESET said the attackers likely created fake social media accounts and posed as attractive people interested in the victims. After a bit of back and forth, they offer to move the conversation to an Android chat app and suggest one of the malicious apps.
VajraSpy and Patchwork
Of the 12 apps used in this campaign, most pretended to be chat apps, and only one was a news app. These are called Privee Talk, MeetMe, Let’s Chat, Quick Chat, Rafaqat, Chit Chat, YohooTalk, TikTalk, Hello Chat, Nidus, GlowChat, and Wave Chat. At the time, six were also available on the Google Play Store.
These apps appeared to be working as intended, but in the background they were running code for a remote access trojan (RAT) known as VajraSpy. This RAT was developed by the Advanced Persistent Threat (APT) group known as Patchwork and primarily targets Pakistanis.
VajraSpy is described as having “a range of spying capabilities that can be extended based on the permissions granted to apps bundled with the code.”
Among other things, VajraSpy can steal contact lists, files, call logs, and even SMS messages. Some variants can also steal WhatsApp and Signal messages, record phone calls, and take photos with your Android device’s camera.
ESET researchers believe they were able to locate 148 compromised devices in Pakistan and India, in a campaign that targeted at least 1,400 people. Google has since removed the apps from the Play Store, but they are still available for download on third-party stores and malicious websites. Additionally, users who have downloaded one of the apps are not safe until they delete it from their device and completely clean their phone.