Malware News 12 Malicious Messaging Apps found on Google Play Store; VajraSpy RAT

[Ink]

Content source

https://www.bleepingcomputer.com/news/security/more-android-apps-riddled-with-malware-spotted-on-google-play/#google_vignette

Update 2/2 - A Google spokesperson sent BleepingComputer the following comment:

We take security and privacy claims against apps seriously, and if we find that an app has violated our policies, we take appropriate action.​

Users are protected by Google Play Protect, which can warn users of apps known to exhibit this malicious behavior on Android devices with Google Play Services, even when those apps come from sources outside of Play.​

ESET researcher Lukas Stefanko found 12 malicious Android applications containing the same VajraSpy RAT code, six of which were uploaded on Google Play, where they were downloaded roughly 1,400 times.

The apps that were available on Google Play are:

1. Rafaqat رفاقت (news)
2. Privee Talk (messaging)
3. MeetMe (messaging)
4. Let's Chat (messaging)
5. Quick Chat (messaging)
6. Chit Chat (messaging)

VajraSpy apps available outside Google Play are all bogus messaging apps:

1. Hello Chat
2. YohooTalk
3. TikTalk
4. Nidus
5. GlowChat
6. Wave Chat

Third-party app stores do not report download counts, so the number of people who have installed them through these platforms is unknown.

ESET's telemetry analysis indicates that most victims are located in Pakistan and India and are most likely tricked into installing the fake messaging apps via a romance scam.

Those installing the apps became infected with VajraSpy, allowing the malware to steal personal data, including contacts and messages, and depending on the granted permissions, even to record their phone calls.