Malware disguised as a messaging app has been found in twelve applications, six of which were available on Google Play between April and September 2023. The malicious software, known as VajraSpy, is a remote access trojan, meaning that the cyber-attacker is able to access your device remotely.

Those infected by VajraSpy became vulnerable to data theft (including phone contacts) and, depending on the permissions granted, could even have their phone calls recorded.

While these malicious apps have been removed from Google Play, they remain on third-party app stores disguised as messaging and news apps. 

Researchers at the anti-virus software company ESET uncovered this campaign. According to them, these cyber-attackers are part of the Patchwork Advanced Persistent Threat (APT) group.

Bogus chat apps

Furthermore, according to Lukas Stefanko, an ESET researcher, these apps were downloaded 1,400 times on Google Play. They had innocent-sounding names like Rafaqat, Privee Talk, MeetMe, Let’s Chat, Quick Chat, and Chit Chat.

Unlike on Google Play, it is difficult to track how many times the apps were downloaded from third-party app stores. Still, those apps had similarly innocuous-sounding names like Hello Chat, YohooTalk, TikTalk, Nidus, GlowChat, and Wave Chat.

Analysis by ESET also found that the majority of these hacking victims were located in Pakistan, and that they were most likely tricked into installing these bogus chat apps as part of a wider romance scam.

In a statement to BleepingComputer, a spokesperson for Google said: “We take security and privacy claims against apps seriously, and if we find that an app has violated our policies, we take appropriate action.”

“Users are protected by Google Play Protect, which can warn users of apps known to exhibit this malicious behavior on Android devices with Google Play Services, even when those apps come from sources outside of Play.”


Charlotte Colombo

Freelance Journalist

Charlotte Colombo is a freelance journalist with bylines in Radio Times, The Independent, Daily Dot, Glamour, Stylist, and VICE, among others. She most recently worked as a Staff Writer for entertainment outlet The Digital Fix for two years and, prior to that, worked with Business Insider and Dexerto on their digital culture desks. She’s also appeared on BBC Radio 5 and The Guardian podcast to share her expertise on technology, influencers, and niche internet subcultures. She holds an MA in Magazine Journalism from City, University of London and has been freelancing for three years. She has a wide range of specialties including technology, digital culture, entertainment, lifestyle, and neurodiversity.