Eset’s cybersecurity experts raised the alarm after managing to identify the presence of spyware and Rat (Remote access trojan) Vajra Spy in a series of smartphone applications intended for Android systems, six of which were even published and available to users on the Play Store.
After receiving the report, the Google company itself committed to removing the infected programs from its virtual store, even if the danger remains for Internet users, since some of these apps are still available for download on third-party stores parts, disguised as messaging or news software. The malware reported by ESET researchers is used for espionage purposes by the hacker group Patchwork: the objective is obviously to take possession of the sensitive data of the victim in question through his smartphone.
The first application to be found on Google’s “virtual store” last year was Rafaqat. The other five that were identified in the Play Store also had the same infected code and the same user interface, namely Privee Talk, MeetMe, Let’s Chat, Quick Chat and Chit Chat. While Rafaqat was disguised as a news app, the other five pretended to be intended for instant messaging.
The remaining six applications to watch out for, which, it is worth remembering, are unfortunately still available on alternative stores, are Hello Chat, YohooTalk, TikTalk, Nidus, GlowChat and Wave Chat.
At the moment the highest percentage of victims has been found in Asia; Hackers’ targets were trapped thanks to a series of “romance scams” set up by scammers. Essentially, therefore, users were lured online by false profiles created specifically for this purpose which convinced them to download and install a specific infected application in order to talk privately.
According to cybersecurity experts, VajraSpy offers scammers functionality spyware and remote access trojans, and is therefore perfectly capable of stealing contacts, call history, text messages, emails and files with specific extensions from the unfortunate person on duty. Even more dangerous for privacy is the fact that it can even record telephone conversations or environmental audio, intercept messages sent via WhatsApp, Signal and Telegram, take photos and scan WiFi networks.
The advice is always to avoid downloading unknown apps or available on unknown portals: even better, to protect every download also made on the Play Store, activate it “Play Protect”which allows you to locate all infected programs.