According to Bleeping Computer*, Hackers are using a fake Android app named ‘SafeChat’ to infect devices with spyware malware that steals call logs, texts, and GPS locations from phones.
The Android spyware is suspected to be a variant of “Coverlm,” which steals data from communication apps such as Telegram, Signal, WhatsApp, Viber, and Facebook Messenger.
Also, the CYFIRMA’s analysts highlight several TTP similarities to the ‘DoNot APT’ (APT-C-35), that has previously infested Google Play with fake chat apps acting as spyware. Late last year, ESET reported that the hackers were using fake VPN apps for the Android platform that included extensive spyware functions.
However credible an app may appear, whether it be from an advert or via a contact in a message, downloading apps outside of the genuine app store can come with risks.
Using unknown apps can unfortunately still take advantage of the open source technology and allow malware to run wild on a device. Enabling permissions for such apps gives malicious actors the full control necessary to cause havoc and even spy on the device’s owner. It is therefore imperative that people steer clear of third party app stores and install antivirus software on compatible devices.
*ESET does not bear any responsibility for the accuracy of this information.
ESET Ireland 