Your personal data and information is a hot commodity, so much so that almost any company or other entity with access tries to monitor and sell it if possible. Threat actors know this too, which could lead to blackmail, extortion, bank account access, or more sinister things if your personal data is breached. With this in mind, researchers are constantly investigating to find apps that do malicious things. One example is the recent discovery of 12 Android apps that steal data.
Just this week, ESET researchers identified 12 Android apps that share similar code and turned out to be malicious. These apps were disguised as messaging tools except for one, which was allegedly a news app. All were running a remote access trojan (RAT) called VajraSpy in the background. This kit, used by the Patchwork APT group, could “[steal] contacts, files, call logs and SMS messages, but some of its implementations can even extract WhatsApp and Signal messages, record phone calls and take pictures with the camera.”
In terms of who has been affected, there have been some random malware detections outside of Malaysia, but primarily this campaign is targeting devices in Pakistan and India believed to be Pakistani developers. It is also believed that this could be part of a romance scam, where “victims were approached via a romance scam where campaigners feigned romantic and/or sexual interest in their targets on another platform and then convinced them to download these Trojan applications.”
You can read the full review of the apps in this report, but to cut a long story short, check whether you have any of the following Android apps installed on your devices: MeetMe, Privee Talk, Let’s Chat, Quick Chat, GlowChat, Chit Chat, Hello Chat, TikTalk, Nidus, YohooTalk, Wave Chat or Rafaqat رفاقت. If any of these are present, you should remove the apps and assess your security immediately. Furthermore, while this may not affect most people, it should serve as a good warning that malware can sneak in anywhere, so know what you’re downloading before you start installing apps.