• Source:JND
Add as a preferred

VajraSpy Malware: Instances of malicious apps appearing on Google Play Store have been on the rise in recent times. Continuing this series, ESET researchers identified 12 Android apps with malicious code, six of which were listed on the Play Store. Most of them were messaging apps with one being from the news category. The apps execute VajraSpy, a remote access trojan (RAT) code of the Patchwork APT group on the affected device.

Depending on the permissions granted to these apps, they can steal call logs, contacts, messages and files from an affected device. Plus, it can extract messages from WhatsApp and Signal, record calls, click photos using the camera, intercept notifications and search files on the compromised handset. Among the most affected regions with this campaign were Pakistan and India. According to ESET Research, the apps on Play Store absorbed over 1,400 installs.

Also Read: Clean Malware From Android And Windows Devices With These Govt-Approved Free Tools

The cybersecurity firm managed to geolocate 148 devices compromised with the VajraSpy due to its weak security protocol. The blog of WeLiveSecurity stated that these bad actors used a "honey-trap romance scam" to lure victims to install the malware. Here is the list of apps that were available on the Play Store:

- Privee Talk

- MeetMe

- Let's Chat

- Quick Chat

- Rafaqat (News)

- Chit Chat

The above-stated apps have now been removed from Google Play Store. (Image:Unsplash)

While the apps have been removed by Google, here are the other apps that were available in the wild on other app markets.

- YohooTalk

- TikTalk

- Hello Chat

- Nidus

- GlowChat

- Wave Chat

Also Read: Operation Triangulation To Xamalicious To Chameleon Trojan, Latest Threats Targeting iOS, Android Users; How To Be Safe

ESET researcher Lukas Stefanko noted that the impact of VajraSpy due to third-party app market availability remains unknown because of the lack of download figures. As a precautionary measure, users must not download chat apps from links received from unknown people and monitor the permissions of apps on their devices.

Google shared a statement to BleepingComputer: "We take security and privacy claims against apps seriously, and if we find that an app has violated our policies, we take appropriate action. Users are protected by Google Play Protect, which can warn users of apps known to exhibit this malicious behaviour on Android devices with Google Play Services, even when those apps come from sources outside of Play."