With millions of apps, the Android ecosystem attracts a lot of users around the world. It currently has a record active user base of more than three billion. However, it also draws the attention of bad actors who prey on naive Android smartphone owners.
In the latest instance, ESET cyber security researchers have detected six Android apps laced with VajraSpy, a notorious Remote Access Trojan (RAT) malware.
Once installed on phones, the trojanised Android apps are capable of stealing personally identifiable details such as contacts, files, call logs, and SMS messages.
If the phone owner is not cautious enough and blindly gives the app permission to access core functionalities such as mics, cameras, and other communications apps, the apps can extract information from WhatsApp and Signal messages. They are even capable of recording phone calls and taking pictures with the camera.
This can greatly impact the targeted persons, as bad actors can use the details to demand ransom money. Or, if the attack is carried out by spy mercenaries, they can leak sensitive personal photos, messages, and videos on social media platforms to bring disrepute to the victim. If the person is a celebrity actor or political leader, this can greatly harm their reputation and hurt future career prospects.
ESET researchers also identified a fake news app, Rafaqat (Arabic, meaning fellowship), understood to have been developed in Malaysia, while another clue pointed to a developer from Pakistan. Threat actors used the name of Mohammad Rizwan, a famous Pakistani cricketer, as the app developer's name.
List of six compromised apps on Google Play Store:
1) Rafaqat رفاقت (News)
2) Privee Talk (messenger app)
3) MeetMe (messenger app)
4) Let's Chat (messenger app)
5) Quick Chat (messenger app)
6) Chit Chat (messenger app)
Besides the aforementioned apps, ESET also detected six other clone apps such as Hello Chat, YohooTalk, TikTalk, Nidus, GlowChat, and Wave Chat on compromised websites on the internet.
These apps are used to honeytrap victims, who are first lured into visiting compromised websites and downloading other trojanised apps.
As per the ESET investigation, around 148 devices were compromised in Pakistan and India.
ESET is part of Google's App Defense Alliance, which works around the clock to detect such trojanised apps. It has informed the company and the apps have been taken down.
Android phone owners are advised to uninstall all the aforementioned apps from their phones immediately.
"Cybercriminals wield social engineering as a powerful weapon. We strongly recommend against clicking any links to download an application that is sent in a chat conversation. It can be hard to stay immune to spurious romantic advances, but it pays off to always be vigilant," said ESET researchers.
Tips on how to avoid malware-laced apps:
1) Never install apps from third-party app stores or unknown websites
2) Even on official platforms such as Google Play/Apple App Store/Microsoft Windows Store, always exercise caution while downloading apps developed by unfamiliar developers
3) Always check the reviews of the apps before installing them onto your device. There will always be telltale signs and complaints such as previous customers facing issues with productivity or the app not functioning as advertised.
4) Never install apps from website URLs shared on a messenger app. Even if the link is sent by a friend or family member, do not install them
5) As mentioned above, avoid installing unknown chatting or messenger apps, as they are most likely used to honey trap the potential victim
Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech.