Be careful if you have these applications installed on your phone! You are infected with malicious spyware that records your every conversation and discreetly takes photos of you.
We can never say it enough, but be very careful with the applications you install on your smartphone! What you think is harmless photo editing software or a simple mobile game can wreak havoc on your life. Cybercriminals will stop at nothing to steal your personal information, and some of their methods are particularly intrusive. Eset cybersecurity researchers had further proof of this when they discovered the VajraSpy Trojan used by the Patchwork APT hacking group. Hidden within instant messaging or messaging applications, it is able to take control of your device to start audio recordings in the background and, even worse, take secret photos of you!
© ESET
Researchers have discovered twelve apps infected with this malware, some of which are even sold directly in the Play Store, Google's app store for Android. For others, cybercriminals have developed malicious strategies to spread them, such as romance scams. To put it simply, they contact their victims via legitimate messaging services such as Messenger or WhatsApp. Once the conversation is established, they feign romantic or sexual interest and ask her to download another messaging app that corrupted. And then the trap closes.
Once your device is infected, the Trojan has access to your contacts, your call logs, your SMS messages, the location of your smartphone and the list of installed applications, which it steals with great care. Some of the infected apps are also able to intercept WhatsApp and Signal messages despite their encryption. One of the applications (Wave Chat) goes so far as to record your phone conversations, the words you type on the keyboard and ambient sounds by activating the microphone of your smartphone, as well as taking photos by activating the cameras. The Messages app asks for your phone number to sign in and can intercept contacts and certain files. The six applications distributed in the Play Store have been downloaded several thousand times – for the others it is impossible to know. Here is the list of compromised applications:
- Private conversation
- meet me
- let us write
- Quick chat
- Rafaqat
- Chit Cat
- YohooTalk
- Tick tock
- Hello Cat
- Nidus
- GlowChat
- Wave Chat
Fortunately, the apps available in the Play Store have now been removed. However, if you already have one of them installed on your smartphone, remove it immediately. Avoid downloading apps outside of official stores, and even then this isn't a complete guarantee of security – despite Google's best efforts, the Play Store regularly hosts fraudulent applications. The wisest thing to do is to only install applications that you really need and delete the ones that you no longer use. Before each download, pay attention to small details that might give you away, such as: Such as the number of downloads, negative reviews, the developer's name, other apps they developed, approval requests, etc. Don't forget to use a background antivirus program to counter any malicious behavior that may be at work in the background.