A new threat has emerged in the form of malware posing as popular messaging apps. Dubbed VarajSpy, this malicious software acts as a remote access trojan, allowing cybercriminals to take control of your device without your knowledge.
Users infected with VarajSpy are exposed to potential cyberattacks, such as data theft, including sensitive phone contacts, and in some cases even unauthorized recording of phone calls.
Although these harmful apps have been removed from Google Play, they persist on third-party app stores disguised as messaging and news applications.
Researchers from the cybersecurity firm ESET uncovered this scheme, linking the cyber attackers responsible to the Patchwork Advanced Persistent Threat (APT) group.
Deceptive Chat Apps to Beware Of
As reported by ESET researcher Lukas Stefanko, these apps were downloaded around 1,400 times from Google Play. They masqueraded under benign names like Rafaqat, Privee Talk, MeetMe, Let’s Chat, Quick Chat, and Chit Chat.
On third-party stores, similar apps with seemingly harmless names such as Hello Chat, YohooTalk, TikTalk, Nidus, GlowChat, and Wave Chat were also identified, making it challenging to gauge the extent of their distribution.
ESET’s analysis revealed that a significant number of victims targeted by these malicious apps were based in Pakistan, likely falling prey to a broader romance scam tactic to lure them into downloading the fake chat apps.
In response to these findings, a Google spokesperson reassured users by stating, “We prioritize the security and privacy of apps, and any violations of our policies result in immediate action taken against the app.”
“Users are safeguarded by Google Play Protect, a service that detects and warns users about apps displaying malicious behavior, even if sourced from outside Play Store,” the spokesperson added.
Featured Image: Photo by Jonas Leupe on Unsplash
