Malware-riddled Android apps spotted on Google Play Store — here's what to avoid

Android logo
(Image credit: Android Authority)

Android users have become targets of a social engineering attack that aimed to steal sensitive data located on their smartphones and even keep tabs on them. 

A report from cybersecurity researchers at ESET claims to have recently found 12 malware-laden Android apps that carried malicious code and were used in this campaign.

ESET says that the attackers most likely created fake social media accounts and presented themselves as attractive people interested in the victims. After a little back-and-forth, they would suggest moving the conversation to an Android chat app, and offer one of the malicious apps.

VajraSpy and Patchwork

Of the 12 apps used in this campaign, most pretended to be chat apps, with just one being a news app. They are called Privee Talk, MeetMe, Let’s Chat, Quick Chat, Rafaqat, Chit Chat, YohooTalk, TikTalk, Hello Chat, Nidus, GlowChat, and Wave Chat. Six were even available on the Google Play Store at the time. 

While these apps may appear to work as intended, in the background they were executing code of a Remote Access Trojan (RAT) known as VajraSpy. This RAT was developed by an Advanced Persistent Threat (APT) group known as Patchwork, which generally targets Pakistanis. 

VajraSpy was described as having “a range of espionage functionalities that can be expanded based on the permissions granted to the app bundled with its code.” 

Among other things, VajraSpy can steal contacts lists, files, call logs, and even SMS messages. Some of the variants can exfiltrate WhatsApp and Signal messages, record phone calls, and take photos with the Android device’s camera. 

ESET’s researchers believe that at least 1,400 people were targeted, and were able to geolocate 148 compromised devices in Pakistan and India. Google has since removed the apps from the Play Store, but they are still available for download on third-party stores and malicious websites. Furthermore, the users that downloaded them won’t be safe until they remove the apps from their devices and clean their phones up entirely.

More from TechRadar Pro

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.