• Source: JND

SafeChat, a fake Android chat app, is stealing critical data from people in South Asia, particularly India. Because the malicious payload is sent directly over WhatsApp chat, this approach is highly deceptive and dangerous.

The cybersecurity company Cyfirma says it has discovered this advanced Android spyware, which poses as a helpful chat app while stealthily taking data from unwary users. According to Cyfirma's initial technical research, the attack is linked to the infamous APT (Advanced Persistent Threat) group "Bahamut."

The report stated that the characteristics of the attack, together with previous APT Bahamut incidents, possibly indicate that it was carried out to serve the interests of one nation-state government. This implies that political or strategic goals may have motivated the attack.

The APT group has a history of attacking people who support the Khalistan movement and call for a separate country, putting India at risk from the outside. In line with the objectives of a certain nation-state government, the group has also targeted individuals in Kashmir and military installations in Pakistan.

The Android spyware employed in this attack is thought to be a variant of "Coverlm," which is known for collecting data from popular messaging services including Facebook Messenger, WhatsApp, Telegram, and Signal. The malware functions in a manner reminiscent of malware previously discovered being distributed through the Google Play Store by the infamous APT group known as "DoNot."

However, this new malware type has greater permissions, which makes it even riskier and more difficult to detect. Once downloaded, the fake "SafeChat" app appears in the main menu and fools users into thinking it is a genuine secure chat app. After the user grants permission, the software begins collecting their personal data; they remain unaware of the ruse until it is too late.

Based on past and present targets, the Cyfirma team has convincing evidence that the APT group is active in Indian territory. The incident serves as a sharp reminder of the sophistication of cyberattacks, which requires ongoing awareness and care to protect sensitive and personal data.