Remote access Trojan was found in apps distributed on the Play Store

Powerful malware was found inside 12 apps, six of them distributed through the Play Store until September 2023. Known as VajraSpy, the malware opens the way for unauthorized remote access.

The malicious apps were listed on the Play Store between April 1, 2021 and September 10, 2023. Although they have been removed from the Google platform, they are presumably still being distributed via the web or alternative app stores.

The RAT malware known as VajraSpy was contained in 6 apps distributed on the Play Store. Source: VisualHunt

Once a device is infected by VajraSpy, the user may have personal data (contacts, messages and other information) stolen. The more permissions the infected app has, the more content it can access; it can even record calls.

According to researchers from the ESET group, who discovered the malware, the campaign targets users residing in Pakistan. The RAT's operators are part of the Patchwork APT, active since 2015.

What does VajraSpy do?

VajraSpy is spyware and a Remote Access Trojan (RAT). It has monitoring and data theft features.

According to the documentation, the spyware can steal data and send it to the attacker, intercept and extract messages from encrypted apps such as WhatsApp and Telegram, record calls, access the device's camera to take photos and videos, intercept notifications and more.

Which applications were infected?

Check which applications are infected by VajraSpy, according to ESET:

  • Rafaqat
  • PriveeTalk
  • MeetMe
  • Let's Chat
  • Quick Chat
  • Chit Chat
  • HelloChat
  • YohooTalk
  • TikTalk
  • Nidus
  • GlowChat
  • WaveChat

Several of the malicious apps pretend to be messengers. Such applications generally need several permissions to function, such as access to the contact list and media, which makes them an attractive disguise for malware that depends on the user granting permissions.
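The following Python is an added example, not code from the article or from ESET: it reads decoded AndroidManifest.xml files and reports which of the capabilities described above (contacts, messages, call recording, camera, notifications) each app's declared permissions could enable. The permission mapping, the threshold and the package names are assumptions of this example; legitimate messengers request the same set, so the result is a triage list for review, not a verdict.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capabilities the article attributes to VajraSpy, mapped to the standard
# Android permissions that gate them (mapping chosen for this example).
CAPABILITY_PERMS = {
    "contacts": {"android.permission.READ_CONTACTS"},
    "messages": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "call recording": {"android.permission.RECORD_AUDIO"},
    "camera": {"android.permission.CAMERA"},
}
NOTIF_LISTENER = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"

def capabilities(manifest_xml):
    """Return the sorted capability names a decoded manifest could enable."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    found = {cap for cap, perms in CAPABILITY_PERMS.items() if perms & requested}
    # Notification access is declared on a <service>, not via <uses-permission>.
    for svc in root.iter("service"):
        if svc.get(ANDROID_NS + "permission") == NOTIF_LISTENER:
            found.add("notifications")
    return sorted(found)

def triage(manifests, threshold=4):
    """Map package -> capabilities for apps reaching `threshold` capabilities."""
    out = {}
    for pkg, xml in manifests.items():
        caps = capabilities(xml)
        if len(caps) >= threshold:
            out[pkg] = caps
    return out

# Constructed sample manifests with hypothetical package names.
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
def _manifest(perms, listener=False):
    uses = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    svc = f'<service android:name=".N" android:permission="{NOTIF_LISTENER}"/>' if listener else ""
    return f"<manifest {NS}><application>{svc}</application>{uses}</manifest>"

SAMPLES = {
    "com.example.chatlike": _manifest(
        ["INTERNET", "READ_CONTACTS", "READ_SMS", "RECORD_AUDIO", "CAMERA"], listener=True),
    "com.example.flashlight": _manifest(["CAMERA"]),
}

if __name__ == "__main__":
    for pkg, caps in triage(SAMPLES).items():
        print(pkg, "->", ", ".join(caps))
```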
