New applications infected by a Trojan horse called RajsaSpy are currently rampant. Delete them quickly if you have already installed them, because they record your every conversation!
Once again, several compromised applications have been discovered by cybersecurity researchers, this time from the organization ESET. They are able to take control of your device to start audio recordings in the background thanks to the VajraSpy Trojan. Half of them were distributed directly on the Play Store, Google’s app store for Android – you can’t change good old habits! Despite the security tools and measures that the Mountain View firm deploys, hackers are constantly developing new strategies aimed at circumventing them. As for the others, they were distributed by indirect means, notably through a romance scam.
VajraSpy: a very indiscreet Trojan horse
The apps are messaging apps, except for one, which is a news app. In reality, they execute the code of a remote access Trojan called VajraSpy. To spread the virus, cybercriminals use romance scams, feigning romantic or sexual interest in their victims. They contact her through legitimate messaging services, such as Messenger or WhatsApp, then ask them to download another messaging application, which is obviously corrupted. This campaign is mainly active in Pakistan.
By infecting Android smartphones and tablets, these applications are able to steal contacts, gain access to call logs, SMS messages as well as the location of your device and the list of installed apps. Some are also able to exploit built-in accessibility options to intercept WhatsApp and Signal messages, despite their encryption. One of the applications (Wave Chat) goes so far as to record phone calls, words typed on the keyboard and surrounding sounds by activating the smartphone’s microphone. As for the news app, it asks for the phone number to connect and can intercept contacts and certain files. The six applications that were distributed on the Play Store were downloaded more than 1,400 times – impossible to know for the others. Here is the list of infected apps:
- Private Talk
- MeetMe
- Let’s Chat
- Quick Chat
- Rafaqat
- Chit Cat
- YohooTalk
- TikTok
- Hello Cat
- Nidus
- GlowChat
- Wave Chat
Apps that were available on the Play Store have since been removed. However, if you have already installed one of them on your smartphone, remove it immediately. Keep in mind that just because you download an app from an official store doesn’t mean you don’t run any risks – so outside of that, let’s not talk about it! Also, it is better to only install applications that you really need and delete those that you no longer use. Before each download, remember to check the little details that might alert you – number of downloads, reviews, name of the developer, authorization requests, other apps developed… Finally, use an antivirus behind -plan in order to verify that malicious behavior is not at work in the background.