Six of the apps were available on Google Play, and the remaining were hosted on VirusTotal. Eleven of the apps look like legitimate messaging apps. One is disguised as a news app.
The apps can steal your contacts, files, call records, and text messages. Some of them can even access WhatsApp and Signal chats, record phone calls, and intercept notifications. The apps also send device locations and the names of the apps installed to their command and control centers.
The apps primarily target users in Pakistan and India. The ones available on Google Play were downloaded 1,400 times.
The things we do for love
The cybercriminals behind the apps use a honey-trap or love-trap scam to trick victims into downloading them. The bad actors probably found their targets on a social media platform and then exhibited romantic interest to convince them to install the malicious apps.
Here are the names of the apps that were found on Google Play:
1. Rafaqat (an Urdu word that means fellowship)
2. Privee Talk
3. MeetMe
4. Let’s Chat
5. Quick Chat
6. Chit Chat
Although these apps have been kicked out of the Play store, if you have them on you phone, you must delete them to stay safe.
Apps found on VirusTotal:
1. YohooTalk
2. TikTalk
3. Hello Cha
4. Nidus
5. GlowChat
6. Wave Chat
The apps seem to offer standard messaging functionality and ask the user to create an account using their phone number. Even if the account creation process isn’t successful, they continue to run in the background.
#chat #apps #silently #snapping #pictures #recording #audio #deleted #immediately
