Malware-riddled Android apps spotted on Google Play Store — here's what to avoid

News
By published

Researchers found 12 malicious Android apps

Android logo
(Image credit: Android Authority)

Android users have become targets of a social engineering attack that aimed to steal sensitive data located on their smartphones and even keep tabs on them. 

A report from cybersecurity researchers at ESET claims to have recently found 12 malware-laden Android apps that carried malicious code and were used in this campaign.

ESET says that the attackers most likely created fake social media accounts and presented themselves as attractive people interested in the victims. After a little back-and-forth, they would suggest moving the conversation to an Android chat app, and offer one of the malicious apps.

VajraSpy and Patchwork

Of the 12 apps used in this campaign, most pretended to be chat apps, with just one being a news app. They are called Privee Talk, MeetMe, Let’s Chat, Quick Chat, Rafaqat, Chit Chat, YohooTalk, TikTalk, Hello Chat, Nidus, GlowChat, and Wave Chat. Six were even available on the Google Play Store at the time. 

While these apps may appear to work as intended, in the background they were executing code of a Remote Access Trojan (RAT) known as VajraSpy. This RAT was developed by an Advanced Persistent Threat (APT) group known as Patchwork, which generally targets Pakistanis. 

VajraSpy was described as having “a range of espionage functionalities that can be expanded based on the permissions granted to the app bundled with its code.” 

Among other things, VajraSpy can steal contacts lists, files, call logs, and even SMS messages. Some of the variants can exfiltrate WhatsApp and Signal messages, record phone calls, and take photos with the Android device’s camera. 

ESET’s researchers believe that at least 1,400 people were targeted, and were able to geolocate 148 compromised devices in Pakistan and India. Google has since removed the apps from the Play Store, but they are still available for download on third-party stores and malicious websites. Furthermore, the users that downloaded them won’t be safe until they remove the apps from their devices and clean their phones up entirely.

More from TechRadar Pro

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
An Android phone being held in the hand
These malicious Android apps were installed over 60 million times - here's how to stay safe
Android phone malware
This nasty Android malware is posing as the Telegram Premium app
mobile phone
Popular Android financial help app is actually dangerous malware
Kaspersky Report on Stalkerware
Security flaw in popular stalkerware apps is exposing phone data of millions
Malware worm
Coordinated global mobile malware campaign targets banking apps and cryptocurrency platforms
In this photo illustration a Google Play logo seen displayed on a smartphone.
Why is there so much spyware hidden in the Play Store?
Latest in Security
An Android phone being held in the hand
These malicious Android apps were installed over 60 million times - here's how to stay safe
ransomware avast
Billions of credentials were stolen from businesses around the world in 2024
ID theft
Hackers claim Orange attack, threaten to leak 1TB of data
A computer file surrounded by red laser beams
Free online file converters could infect your PC with malware, FBI warns
Close up of a person touching an email icon.
Criminals are using CSS to get around filters and track email usage
DeepSeek on a mobile phone
More US government departments ban controversial AI model DeepSeek
Latest in News
Adobe AI agents
Adobe launches 10 new AI agents to automate key marketing workflows
Windows 10
Microsoft gets into the spam game by again emailing Windows 10 users to prod them to upgrade to Windows 11 – is the nagging going too far now?
An Android phone being held in the hand
These malicious Android apps were installed over 60 million times - here's how to stay safe
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
Leaked Galaxy S25 Edge pricing gives us a clearer idea of how the super-slim phone will fit into Samsung's lineup
Samsung Galaxy Z Flip 6 in blue
The Samsung Galaxy Z Flip SE may launch months after the Galaxy Z Flip 7
ransomware avast
Billions of credentials were stolen from businesses around the world in 2024
More about security
ransomware avast

Billions of credentials were stolen from businesses around the world in 2024
ID theft

Hackers claim Orange attack, threaten to leak 1TB of data
An Android phone being held in the hand

These malicious Android apps were installed over 60 million times - here's how to stay safe
See more latest
Most Popular
An Android phone being held in the hand
These malicious Android apps were installed over 60 million times - here's how to stay safe
Windows 10
Microsoft gets into the spam game by again emailing Windows 10 users to prod them to upgrade to Windows 11 – is the nagging going too far now?
Adobe AI agents
Adobe launches 10 new AI agents to automate key marketing workflows
Xbox Adaptive Joystick
The Xbox Adaptive Joystick has arrived, and you can buy it now exclusively at the Microsoft Store
Nvidia GTC 2025
Nvidia, Google, and Disney's AI-powered Star Wars robot is absolutely the droid I've been looking for
Frank Castle holding Matt Murdock against a locker in Daredevil: Born Again episode 4
Daredevil: Born Again episode 4 ending explained: who is Muse, what does Sic Semper Systema mean, who is Adam, and more big Marvel questions answered
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
Leaked Galaxy S25 Edge pricing gives us a clearer idea of how the super-slim phone will fit into Samsung's lineup
Samsung Galaxy Z Flip 6 in blue
The Samsung Galaxy Z Flip SE may launch months after the Galaxy Z Flip 7
ransomware avast
Billions of credentials were stolen from businesses around the world in 2024
Google Pixel 9 front and back
Leaked Google Pixel 9a promo materials reveal almost everything – and a launch could be just hours away