These chat apps might silently be snapping your pictures or recording audio and must be deleted immediately

2comments
These chat apps might silently be snapping your pictures or recording audio and must be deleted immediately
ESET researchers have published the names of recently discovered Android apps that primarily exist to keep tabs on users who download them.

Six of the apps were available on Google Play, and the remaining were hosted on VirusTotal. Eleven of the apps look like legitimate messaging apps. One is disguised as a news app.

The apps silently run remote access trojan (RAT) code known as VajraSpy and are part of a Patchwork APT campaign. Their primary functionality is to spy on people and their snooping capabilities are related to the permissions granted to them. 

The apps can steal your contacts, files, call records, and text messages. Some of them can even access WhatsApp and Signal chats, record phone calls, and intercept notifications. The apps also send device locations and the names of the apps installed to their command and control centers. 

Their most disturbing capability is that they can take pictures of victims and record surrounding audio.

The apps primarily target users in Pakistan and India. The ones available on Google Play were downloaded 1,400 times.

The things we do for love


The cybercriminals behind the apps use a honey-trap or love-trap scam to trick victims into downloading them. The bad actors probably found their targets on a social media platform and then exhibited romantic interest to convince them to install the malicious apps.

Here are the names of the apps that were found on Google Play: 

1. Rafaqat (an Urdu word that means fellowship)
2. Privee Talk
3. MeetMe
4. Let’s Chat
5. Quick Chat
6. Chit Chat

Although these apps have been kicked out of the Play store, if you have them on you phone, you must delete them to stay safe.

Apps found on VirusTotal:

1. YohooTalk
2. TikTalk
3. Hello Cha
4. Nidus
5. GlowChat
6. Wave Chat

The apps seem to offer standard messaging functionality and ask the user to create an account using their phone number. Even if the account creation process isn't successful, they continue to run in the background.

If you are lonely or looking to settle down, we recommend you give that person your mom recommended a shot or let your friends set you up, instead of cozying up to random strangers, particularly those who insist on taking the conversation to a shady messaging app.
Create a free account and join our vibrant community
Register to enjoy the full PhoneArena experience. Here’s what you get with your PhoneArena account:
  • Access members-only articles
  • Join community discussions
  • Share your own device reviews
  • Build your personal phone library
Register For Free

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless