Beware Android Users: Spyware Stealing WhatsApp Data!

Spyware Stealing WhatsApp Data

Attention, Android users, be warned, for there exists a counterfeit application clandestinely pilfering your personal data from WhatsApp and other applications. Hackers are employing a deceptive Android app named ‘SafeChat’ as a vessel to infiltrate devices with insidious spyware, surreptitiously harvesting users’ WhatsApp data and other delicate information.

WhatsApp stands as one of the most extensively utilized instant messaging platforms worldwide. In India, it boasts a multitude of users, making it an alluring target in the realm of cyber threats. From scams to malicious assaults, hackers have persistently set their sights on WhatsApp users, endeavoring to abscond with their valuable data.

Once more, this platform falls under the scrutiny of hackers as they exploit a sham Android app called ‘SafeChat’ to introduce their sinister spyware malware into unsuspecting devices. This malevolent software not only filches WhatsApp user data but also clandestinely acquires other sensitive information, including call logs, text messages, and GPS locations.

The spyware is suspected to be a variant of “Coverlm,” a nefarious entity that specifically targets communication apps such as Telegram, Signal, WhatsApp, Viber, and Facebook Messenger. According to researchers at CYFIRMA, the perpetrators behind this malware campaign are attributed to an Indian APT hacking group known as ‘Bahamut.’ These recent assaults primarily employ spear-phishing messages on WhatsApp, directly distributing the malicious payloads to their hapless victims. It is further disclosed that Bahamut targets users throughout India and South Asia.

Analysts at CYFIRMA have drawn parallels between Bahamut’s methods and those used by another Indian state-sponsored threat group known as ‘DoNot APT’ (APT-C-35). In the past, DoNot APT had infected Google Play with counterfeit chat apps functioning as spyware.

SafeChat’s Data Theft

While CYFIRMA has not explicitly revealed the social engineering aspect of this cyber attack, it is evident that the victims are lured into installing the chat app, believing it to be a secure communication platform. The app’s user interface successfully deceives users, leading them to trust its authenticity, while the threat actor covertly extracts all the necessary information. Before the victim realizes the ruse, the malware ingeniously exploits unsuspecting Android Libraries to covertly extract and transmit data to a command-and-control server, as detailed in the report.

Here is a step-by-step overview of how spyware pilfers information from users’ smartphones:

The hackers persuade the victim to install the seemingly legitimate chat app, SafeChat.
Once installed, the app requests permissions to utilize Accessibility Services, subsequently granting itself additional permissions such as access to the victim’s contacts list, SMS, call logs, external device storage, and GPS location data.
The app further requests the user’s approval for exclusion from Android’s battery optimization subsystem, ensuring that it continues to operate in the background even when inactive.
The app then interfaces with other chat apps already present on the device, allowing it to extract data from those apps, including chat messages and media files.
The stolen data is then encrypted and transmitted to the attacker’s C2 server, ensuring anonymity and evading detection.

CYFIRMA concludes that, given the nature of this attack and previous incidents involving APT Bahamut, the APT group operates within the Indian territory.

Staying Safe in the Cyber World

While cyber-attacks are not unprecedented, it is imperative to exercise caution and take measures to safeguard oneself from such threats. Here are some tips to protect yourself from SafeChat and other malware while ensuring the security of your Android device:

Install Apps from Trusted Sources: Only download and install applications from official app stores like the Google Play Store. Avoid sideloading apps from unfamiliar sources, as they may contain malicious elements.
Scrutinize App Permissions: Exercise caution with apps that request unnecessary permissions. If an app seeks access to sensitive data or features unrelated to its core functionality, reconsider its installation.
Keep Your Device Updated: Regularly update your Android device with the latest software and security patches. Manufacturers release updates to rectify vulnerabilities and bolster the device’s security.
Utilize Security Apps: Install a reputable antivirus or security app from a trusted provider to conduct regular scans for malware and potential threats on your device.