Be careful if you have these applications installed on your phone! They are infected with nasty spyware that records your every conversation while discreetly taking photos of you.
We can never say it enough, but be very careful about the applications you install on your smartphone! What you think is an innocent photo editing software or a simple mobile game can wreak havoc on your life. Cybercriminals will stop at nothing to steal your personal data, and some of their methods are particularly intrusive. Eset cybersecurity researchers had further proof of this when they discovered the VajraSpy Trojan, used by the Patchwork APT hacker group. Hidden in instant messaging or news applications, it is able to take control of your device to start audio recordings in the background and, even worse, take photos of you in secret!
Researchers have discovered twelve apps infected with this malware, some of which are even distributed directly on the Play Store, Google’s application store for Android. For others, cybercriminals have developed vicious strategies to spread them, such as romance scams. To put it simply, they contact their victims through legitimate messaging services, such as Messenger or WhatsApp. Once the conversation is well established, they feign romantic or sexual interest and ask them to download another messaging app, the corrupted one. And then the trap closes.
Once it has infected your device, the Trojan has access to your contacts, your call logs, your SMS messages, the location of your smartphone and the list of installed applications, which it takes great care to steal . Some of the infected apps are also capable of intercepting WhatsApp and Signal messages, despite their encryption. One of the applications (Wave Chat) goes so far as to record your phone calls, the words you type on the keyboard and surrounding sounds by activating the microphone of your smartphone, in addition to taking photos by activating the cameras. As for the news app, it asks for your phone number to log in and can intercept contacts and certain files. The six applications that were distributed on the Play Store have been downloaded several thousand times – impossible to know for the others. Here is the list of compromised applications:
- Private Talk
- MeetMe
- Let’s Chat
- Quick Chat
- Rafaqat
- Chit Cat
- YohooTalk
- TikTok
- Hello Cat
- Nidus
- GlowChat
- Wave Chat
The apps that were available on the Play Store have, fortunately, since been removed. However, if you have already installed one of them on your smartphone, remove it immediately. Avoid downloading apps outside of official stores, and even then, this is not an absolute guarantee of security – despite Google’s best efforts, the Play Store regularly hosts fraudulent applications. The wisest thing is to only install applications that you really need and delete those that you no longer use. Before each download, look for small details that might tip you off, such as the number of downloads, negative reviews, developer name, other apps they have developed, permission requests, etc. . Finally, don’t forget to use antivirus in the background to counter any malicious behavior that might be at work in the background.