According to a report by Bleeping Computer, an Android remote access trojan (RAT) known as VajraSpy was found in 12 malicious applications, six of which were available on Google Play from April 1, 2021, through September 10, 2023.
While Google has already removed them, these malicious apps – disguised as messaging or news apps – are available on third-party app stores.
Why these apps are dangerous
The app brings along an infection called VajraSpy that allows hackers to steal personal data, including contacts and messages, and depending on the granted permissions, they can even record phone calls.
As per a team of researchers at ESET, the malware’s operators are the Patchwork APT group, which has been active since at least late 2015. The group has primarily targeted users in Pakistan.
The apps that were available on Google Play are:
Rafaqat (news)
Privee Talk (messaging)
MeetMe (messaging)
Let’s Chat (messaging)
Quick Chat (messaging)
Chit Chat (messaging)
Apps that have VajraSpy malware are:
Hello Chat
YohooTalk
TikTalk
Nidus
GlowChat
Wave Chat
What Google has to say
A Google spokesperson told the publications that it takes the app privacy seriously.
“We take security and privacy claims against apps seriously, and if we find that an app has violated our policies, we take appropriate action,” a Google spokesperson was quoted as saying.
“Users are protected by Google Play Protect, which can warn users of apps known to exhibit this malicious behaviour on Android devices with Google Play Services, even when those apps come from sources outside of Play,” the company said.
How to safeguard
Users should refrain from downloading obscure chat apps recommended by people they don’t know. Also, users must never download apps from platforms outside the official app stores.