If you have any of these apps on your Android phone, delete them immediately

Joe Maring / Digital Trends

The NSO Group sounded the security alarm this week, and once again, it was the powerful Pegasus malware that was targeted. deployed in Jordan to spy on journalists and activists. While this is a major case that would require Apple to file a lawsuit against NSO Group, there are countless seemingly harmless Android apps that harvest sensitive data from most people’s phones.

Security experts at ESET has spotted at least 12 Android apps, most of which masquerade as chat apps, that actually plant Trojans on phones and then steal details like call logs and messages, remotely control the camera, and even extract chat details from the backend. -To-end encrypted platform like WhatsApp.

The applications in question are YohooTalk, TikTalk, Privee Talk, MeetMe, Nidus, GlowChat, Let’s Chat, Quick Chat, Rafaqat, Chit Chat, Hello Chat, and Wave Chat. Of course, if you have any of these apps installed on your device, delete them immediately.

Notably, six of these apps are available on the Google Play Store, which further increases the risk as users flock here, placing their trust in the security protocols implemented by Google. The core of this application’s espionage activity is a remote access trojan (RAT) called Vajra Spy.

The chat application suffered a serious crash

Phone spying on someone.
Dall.E-3 / Digital Trends

“It steals contacts, files, call logs, and SMS messages, but some implementations can even extract WhatsApp and Signal messages, record phone calls, and take pictures with the camera,” ESET’s report said.

Notably, this isn’t the first time Vajra Spy has raised concerns. In 2022, Broadcom also lists it as a Remote Access Trojan (RAT) variant that leverages Google Cloud Storage to collect data stolen from Android users. This malware has been linked to the APT-Q-43 threat group, which is known to specifically target members of the Pakistani military.

VajraSpy’s real goal is to collect information from infected devices, as well as capture user data, such as text messages, WhatsApp and Signal conversations, call history, etc. These apps, many of which masquerade as chat apps, use romantically tinged social engineering attacks to lure their targets.

This is a recurring theme, especially considering the target application. In the 2023, Scrolling reported on how spies from across the border used honey traps to lure Indian scientists and military personnel into retrieving sensitive information using a combination of romance and blackmail. Even F.B.I has issued a warning about digital romance scams, while a White House staffer is lost more than half a million dollars in one such trap.

Illustration of a security warning on the phone.
Dall.E-3 / Digital Trends

In the case of the latest VajraSpy deployment, the app can extract contact details, messages, list of installed apps, call logs, and local files in different formats like .pdf, .doc, .jpeg, .mp3, and more. Those with advanced functionality are required to use a phone number, but by doing so, they can also intercept messages on secure platforms such as WhatsApp and Signal.

In addition to recording text exchanges in real-time, the application is also capable of intercepting notifications, recording phone calls, logging keystrokes, taking pictures with the camera without the victim’s knowledge, and taking over the microphone to record audio. Again, this last point is not surprising.

We recently reported how criminals are abusing push notifications on mobile phones and selling the data to government agencies, while security experts told Digital Trends that the only easy way to stop this is to disable notification access for apps.

Editor’s Recommendations






Leave a Comment