A w a H y p e
Tech: To ensure the safety of your Android phone, it is recommended to remove certain apps promptly

  •  (Fri) Oct 18, 2024


### Alarming Discovery of Trojan-Infected Android Apps

This week, security alarms were raised again due to the NSO Group's devastatingly powerful Pegasus malware being deployed in Jordan to spy on journalists and activists. While this high-profile case resulted in Apple filing a lawsuit against NSO Group, there is a broader, more insidious threat lurking in seemingly innocuous Android apps. Security experts at ESET have identified at least 12 Android apps that are Trojan horses, stealing sensitive data from users' phones. These apps, often disguised as chat applications, can remotely control cameras, extract chat details from encrypted platforms like WhatsApp, and steal call logs and messages.


The malicious apps identified are YohooTalk, TikTalk, Privee Talk, MeetMe, Nidus, GlowChat, Let's Chat, Quick Chat, Rafaqat, Chit Chat, Hello Chat, and Wave Chat. If any of these apps are installed on your device, it is crucial to delete them immediately. Six of these apps were even available on the Google Play Store, highlighting a significant security lapse, as users typically trust the security protocols enforced by Google.

At the heart of these apps' espionage activities is a Remote Access Trojan (RAT) known as Vajra Spy. According to ESET's report, Vajra Spy steals contacts, files, call logs, and SMS messages. Some implementations can even extract messages from WhatsApp and Signal, record phone calls, and take pictures with the phone's camera. This Trojan is not new; in 2022, Broadcom also identified Vajra Spy as a RAT variant leveraging Google Cloud Storage to gather data from Android users. This malware has been linked to the threat group APT-Q-43, known for targeting members of the Pakistani military establishment.

The primary objective of Vajra Spy is to harvest information from infected devices and capture users' data, including text messages, WhatsApp and Signal conversations, and call histories. These apps employed romance-aligned social engineering attacks to lure targets, a recurring theme in cyber espionage. In 2023, Scroll reported on spies from across borders using honey traps to lure Indian scientists and military personnel into revealing sensitive information. The FBI has also issued alerts about digital romance scams, highlighting the severity of this threat.

The recent deployment of Vajra Spy allowed these malicious apps to extract contact details, messages, lists of installed apps, call logs, and various local files such as .pdf, .doc, .jpeg, and .mp3. Some advanced functionalities required users to provide their phone numbers, enabling the apps to intercept messages on secure platforms like WhatsApp and Signal. These apps could log text exchanges in real time, intercept notifications, record phone calls, log keystrokes, take pictures without the user's knowledge, and record audio via the microphone.

This is not an isolated issue. Security experts have reported on bad actors abusing push notifications on phones and selling the data to government agencies. According to experts, the only foolproof way to stop this is to disable notification access for apps.

The discovery of these Trojan-infected apps underscores the importance of vigilance when downloading and using mobile applications. Users should be cautious and regularly review the permissions granted to apps on their devices, ensuring they only use trusted and verified sources for app downloads.
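
The permission and notification-access review recommended above can be run from a computer over adb. The Python below is an added example, not code from the original article or from ESET: it parses saved output of `adb shell settings get secure enabled_notification_listeners` and `adb shell dumpsys package` and flags user-installed apps that read notifications or hold several of the permissions matching the data described above. The package names, the sample output and the threshold of three permissions are constructed assumptions.

```python
import re
# Permissions matching the data the article says the trojan collects.
SENSITIVE = {"android.permission." + p for p in (
    "READ_CONTACTS", "READ_SMS", "READ_CALL_LOG", "CAMERA", "RECORD_AUDIO")}

def notification_listeners(setting_value):
    """Packages in `settings get secure enabled_notification_listeners`."""
    parts = setting_value.strip().split(":")  # package/ServiceClass items
    return {c.split("/", 1)[0] for c in parts if c not in ("", "null")}

def granted_permissions(dumpsys_text):
    """Map package -> granted permissions from `dumpsys package` output."""
    grants, current = {}, None
    for line in dumpsys_text.splitlines():
        pkg = re.match(r"\s+Package \[([^\]]+)\]", line)
        perm = re.match(r"\s+([\w.]+): granted=true", line)
        if pkg:
            current = pkg.group(1)
            grants.setdefault(current, set())
        elif perm and current:
            grants[current].add(perm.group(1))
        elif line and not line[0].isspace():
            current = None  # top-level section such as "Shared users:"
    return grants

def audit(third_party, listeners, grants, threshold=3):
    """Flag user-installed apps; returns {package: [reasons]}."""
    findings = {}
    for pkg in sorted(third_party):
        held = sorted(SENSITIVE & grants.get(pkg, set()))
        reasons = ["notification access"] if pkg in listeners else []
        if len(held) >= threshold:
            reasons.append("holds " + ", ".join(p.rsplit(".", 1)[1] for p in held))
        if reasons:
            findings[pkg] = reasons
    return findings

# Constructed sample of adb output (hypothetical package names).
LISTENERS = "com.example.chat/.NotifySvc:com.example.watch/.Listener"
DUMPSYS = """Packages:
  Package [com.example.chat] (1a2b3c):
      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
      android.permission.READ_CONTACTS: granted=true
      android.permission.RECORD_AUDIO: granted=true
  Package [com.example.notes] (4d5e6f):
      android.permission.CAMERA: granted=true
"""
FINDINGS = audit({"com.example.chat", "com.example.notes", "com.example.watch"},
                 notification_listeners(LISTENERS), granted_permissions(DUMPSYS))
```

The set of user-installed packages passed to `audit` can be taken from `adb shell pm list packages -3`; a flagged app is a prompt for manual review, not proof of infection.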




 Written:    ( 06:14 am)
