VajraSpy: Messaging, News Apps Stuffed With Data Stealing Malware Listed On Google Play Store; Check List Here
VajraSpy Malware: Instances of malicious apps appearing on Google Play Store have been on the rise in recent times. Continuing this series, ESET researchers identified 12 Android apps with malicious code, six of which were listed on the Play Store.
Most of these apps were messaging apps with one being from the news category. The apps execute VajraSpy, a remote access trojan (RAT) code of the Patchwork APT group on the affected device.
Depending on the permissions granted to these apps, they can steal call logs, contacts, messages and files from an affected device. Plus, it can extract messages from WhatsApp and Signal, record calls, click photos using the camera, intercept notifications and search files on the compromised handset. Among the most affected regions with this campaign were Pakistan and India. According to ESET Research, the apps on Play Store absorbed over 1,400 installs.
The cybersecurity firm managed to geolocate 148 devices compromised with the VajraSpy due to its weak security protocol. The blog of WeLiveSecurity stated that these bad actors used a “honey-trap romance scam” to lure victims to install the malware. Here is the list of apps that were available on the Play Store:
– Privee Talk
– MeetMe
– Let’s Chat
– Quick Chat
– Rafaqat (News)
– Chit Chat