Malware known as VajraSpy has been discovered in over 12 mobile applications, 6 of which were distributed through the Google Play Store. Although Google promptly removed the affected apps from the Play Store, they remain available as third-party downloads. The malware, identified as a Remote Access Trojan (RAT), poses a serious threat to users' privacy. Found primarily in messaging and news-related apps, VajraSpy, once installed, can steal personal information and private data, and can even record phone calls. It can also activate the device's front camera, enabling unauthorized monitoring of users.
ESET researchers were the first to report on this malware, linking it to the PatchWork APT group, which has been targeting individuals in Pakistan since 2015. The group inadvertently exposed its own malware campaign in 2022, utilizing the Ragnatela RAT for propagation. ESET identified other applications carrying the same VajraSpy code, including the news app Rafaqat, and messaging apps such as Privee Talk, MeetMe, Let’s Chat, Quick Chat, and ChitChat. Notably, the affected apps available outside of Google Play include Hello Chat, Yahoo Talk, TikTalk, Nidus, GlowChat, and Wave Chat.
Third-party websites do not disclose the number of downloads for these apps, making it difficult to determine the extent of the malware's impact. ESET noted that the majority of victims are from India and Pakistan, where individuals have been deceived into installing these compromised applications. Google Play is responding to the threat by implementing a new policy to bolster the platform against malware-infected apps. Meanwhile, users are advised to exercise caution and refrain from downloading apps recommended by unknown sources until more stringent security measures are in place.