Malware News 12 Malicious Messaging Apps found on Google Play Store; VajraSpy RAT


Thread author
Staff Member
Jan 8, 2011
Update 2/2 - A Google spokesperson sent BleepingComputer the following comment:

We take security and privacy claims against apps seriously, and if we find that an app has violated our policies, we take appropriate action.
Users are protected by Google Play Protect, which can warn users of apps known to exhibit this malicious behavior on Android devices with Google Play Services, even when those apps come from sources outside of Play.
ESET researcher Lukas Stefanko found 12 malicious Android applications containing the same VajraSpy RAT code, six of which were uploaded on Google Play, where they were downloaded roughly 1,400 times.

The apps that were available on Google Play are:
  1. Rafaqat رفاقت (news)
  2. Privee Talk (messaging)
  3. MeetMe (messaging)
  4. Let's Chat (messaging)
  5. Quick Chat (messaging)
  6. Chit Chat (messaging)
VajraSpy apps available outside Google Play are all bogus messaging apps:
  1. Hello Chat
  2. YohooTalk
  3. TikTalk
  4. Nidus
  5. GlowChat
  6. Wave Chat
Third-party app stores do not report download counts, so the number of people who have installed them through these platforms is unknown.
ESET's telemetry analysis indicates that most victims are located in Pakistan and India and are most likely tricked into installing the fake messaging apps via a romance scam.

Those installing the apps became infected with VajraSpy, allowing the malware to steal personal data, including contacts and messages, and depending on the granted permissions, even to record their phone calls.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.