In the vast Android world, with its whopping three billion-plus users, cyber threats continue to lurk. Recently, ESET cybersecurity researchers uncovered six Android apps containing the notorious VajraSpy Remote Access Trojan (RAT) malware. Once installed on smartphones, these malicious apps can pilfer sensitive information like contacts, files, call logs, and SMS messages.
Moreover, if users grant unrestricted access, the malware can even snoop on WhatsApp and Signal messages, record phone calls, and capture photos through the camera.
One deceptive app, named Rafaqat (meaning fellowship in Arabic), masqueraded as a news app and was traced back to a potential developer from Pakistan. The threat actors used the name of a famous Pakistani cricketer, Mohammad Rizwan, as the app developer. The malicious apps found on the Google Play Store include Rafaqat (News), Privee Talk, MeetMe, Let’s Chat, Quick Chat, and Chit Chat.
ESET also detected six other clone apps, like Hello Chat and YohooTalk, on compromised websites, intended to lure victims. The investigation revealed around 148 compromised devices in Pakistan and India. ESET, part of Google’s App Defense Alliance, promptly informed Google, leading to the removal of the malicious apps.
To stay safe from such threats:
- Avoid third-party app stores or unknown websites for app downloads.
- Exercise caution even on official platforms like Google Play; check reviews and the developer’s credibility.
- Never install apps from shared URLs, even from friends or family.
- Be wary of unknown chat or messenger apps, as they may be used to trap potential victims.
ESET researchers emphasize vigilance against social engineering tactics and advise users to uninstall the mentioned apps immediately. Remaining cautious and avoiding suspicious links can help thwart cyber threats in the Android ecosystem.