ESET researchers have found a cyber espionage campaign that used Google Play to distribute apps bundled with VajraSpy RAT code

ESET researchers have identified 12 Android espionage apps that share the same malicious code; six were available on Google Play. All the observed applications were advertised as messaging tools, apart from one that posed as a news app. In the background, these apps covertly execute remote access trojan (RAT) code called VajraSpy, used for targeted espionage by the Patchwork APT group. The campaign mostly targeted users in Pakistan. Based on ESET’s investigation, the threat actors behind the trojanized apps probably used a honey-trap romance scam to lure their victims into installing the malware.

VajraSpy has a range of espionage functionalities that can be expanded based on the permissions granted to the app bundled with its code. It steals contacts, files, call logs, and SMS messages, but some of its implementations can even extract WhatsApp and Signal messages, record phone calls, and take pictures with the camera.

Based on available numbers, the malicious apps that used to be available on Google Play were downloaded more than 1,400 times. During the ESET investigation, weak operational security of one of the apps led to some victim data being exposed, which allowed researchers to geolocate 148 compromised devices in Pakistan and India. These were likely the actual targets of the attacks. ESET is a member of the App Defense Alliance and an active partner in the malware mitigation program, which aims to quickly find Potentially Harmful Applications and stop them before they ever make it onto Google Play. As a Google App Defense Alliance partner, ESET identified the malicious apps and reported them to Google, and they are no longer available on the Play store. However, the apps are still available on alternative app stores.

Last year, ESET detected a trojanized news app called Rafaqat being used to steal user information. Further research has uncovered several more applications with the same malicious code. In total, ESET analyzed 12 trojanized apps, six of which (including Rafaqat) had been available on Google Play, and six found in the wild – in the VirusTotal database. These apps had various names, such as Privee Talk, MeetMe, Let’s Chat, Quick Chat, Rafaqat, Chit Chat, YohooTalk, TikTalk, Hello Chat, Nidus, GlowChat, and Wave Chat.

To entice their victims, the threat actors likely used targeted honey-trap romance scams, initially contacting the victims on another platform and then convincing them to switch to a trojanized chat application. “Cybercriminals wield social engineering as a powerful weapon. We strongly recommend against clicking any links to download an application that are sent in a chat conversation. It can be hard to stay immune to spurious romantic advances, but it pays off to always be vigilant,” advises ESET researcher Lukáš Štefanko, who discovered this Android spyware.

According to the MITRE ATT&CK database, Patchwork has not been definitively attributed and only circumstantial evidence suggests the group may be a pro-Indian or Indian entity. This APT group targets mostly diplomatic and government entities.

For more technical information about VajraSpy and the spying apps from the Patchwork APT group, check out the blog post “VajraSpy: A Patchwork of espionage apps” on WeLiveSecurity.com. Make sure to follow ESET Research on X (formerly known as Twitter) for the latest news from ESET Research.

How to Protect Your Smart Device From Intrusion of Dangerous Spy Apps

Is someone keeping tabs on your phone with spyware? If they are, they can steal your data and know private information about you. Find out how to protect your smart device from the intrusion of dangerous spy apps.

Although they may not know about it, millions of people around the world are currently being tracked by parents, employers, or their partners, thanks to spy apps. While it’s bad enough that someone has access to your private conversations and personal data, it gets worse when you realize that hackers can gain access to data retrieved by spy apps and leak it.

Luckily, anyone can learn how to protect their phone, and in this article, we’ll show you how to do it.

How to Tell if Your Cell Phone Is Being Spied On?

To protect your phone from spying, you have to get smart and become extra sensitive to abnormalities that you would otherwise disregard. If you want to know how to catch someone spying on you, just read the signs below to find out.

Unusual Sounds During Calls

It’s easy to dismiss strange sounds while making calls and attribute them to poor signals. However, this is hardly true. In fact, these types of sounds are associated with analog networks, which made way for the digital networks we now use. Therefore, if you hear distant voices, static, or a clicking sound while making a call, there’s a chance you’re being spied on.

Decreased Battery Capacity

Another way to find out if your phone is hacked is through battery performance. When your smartphone is being tracked with a spy app, its battery will usually drain quickly. The reason is quite simple. Spy apps perform all kinds of tasks on your phone. They gather data from multiple apps and send it to a third party. Some spyware can even record conversations, take selfies, and track your internet activities. Since it’s working round the clock, it’s bound to drain your battery regularly. If you use a smartphone with a removable battery, you can take it out and insert it in a similar phone to see if it drains as quickly as it does on your phone. If it doesn’t, you’re most certainly being hacked.

Phone Shows Activity When Not in Use

If you’re not using your phone, it should be silent with the lights out. However, a phone that is being spied on will exhibit strange behaviors, including alerts and turning on and off without being touched. These strange behaviors usually happen because someone has remote access somewhere, and they’re monitoring your phone habits.

Increased Data Usage

Spy apps need a data connection to send information from your phone to a third-party device. The information could include media files like videos and pictures, so the app has to use your internet connection to send it. If you notice a strange increase in data usage, you’re most likely being spied on. Go to your phone settings and check data usage to see how your data is being used.

How to Find Hidden Spy Apps on Android and iOS?

How can you protect your phone from spyware? First, you’d have to know how to find hidden spy apps on your phone. If you can easily find them, you’d be able to protect your smartphone a lot better. Here’s how to catch someone spying on your phone: 

Android

Most Android phones come with old hardware that allows access to malware. They are also easier to root compared to iPhones. When a phone is rooted, someone can gain full access to it via spy apps without your knowledge. So, how do you catch them? You can fish out Android spy apps using an anti-malware tool. It scans your Android smartphone and removes spy apps and other malware.

If this method doesn’t work, you can always try a full factory reset. This method will delete every app on your phone, including the ones you need. Therefore, it’s seen as a last resort. If you wish to know how to prevent spyware on Android, the best advice is to keep your phone to yourself. People can only install spyware on your phone if they have physical access to it. Keeping your phone away from people will help protect your phone from spyware. 
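The VajraSpy description above notes that what the spyware can take depends on the permissions granted to the app, so a permission audit is a useful complement to an anti-malware scan. The following is an added example, not code from ESET or from the original article: it parses text in the format printed by `adb shell dumpsys package` on your own device and lists apps that hold many sensitive grants at once. The permission-to-data mapping, the threshold of four, and the sample package names are assumptions of this example.

```python
import re

# Runtime permissions behind the data types the article says VajraSpy takes.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_EXTERNAL_STORAGE": "files",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_SMS": "SMS",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.CAMERA": "camera",
}

# Constructed sample, trimmed to the lines the parser reads; package names are made up.
SAMPLE_DUMPSYS = """\
  Package [com.example.quickmsg] (1a2b3c):
    runtime permissions:
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
      android.permission.READ_CALL_LOG: granted=true, flags=[ USER_SET ]
      android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
      android.permission.CAMERA: granted=false, flags=[ USER_SET ]
  Package [com.example.dialer] (4d5e6f):
    runtime permissions:
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
      android.permission.READ_CALL_LOG: granted=true, flags=[ USER_SET ]
"""

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*(android\.permission\.[A-Z_]+): granted=(true|false)")
def granted_sensitive(dumpsys_text):
    """Map each package to the sorted sensitive data types it has been granted."""
    result, current = {}, None
    for line in dumpsys_text.splitlines():
        pkg, perm = PKG_RE.match(line), PERM_RE.match(line)
        if pkg:
            current = pkg.group(1)
            result[current] = set()
        elif perm and current and perm.group(2) == "true" and perm.group(1) in SENSITIVE:
            result[current].add(SENSITIVE[perm.group(1)])
    return {name: sorted(types) for name, types in result.items()}

def review_list(dumpsys_text, threshold=4):
    """Packages granted at least `threshold` sensitive data types, broadest first."""
    found = granted_sensitive(dumpsys_text).items()
    return sorted(((p, t) for p, t in found if len(t) >= threshold), key=lambda h: -len(h[1]))

if __name__ == "__main__":
    for package, access in review_list(SAMPLE_DUMPSYS):
        print(f"{package}: {', '.join(access)}")
```

A legitimate messaging app can hold the same grants, so the output is a list of apps to look at more closely, not a verdict. Unneeded grants can be revoked in the phone's app permission settings.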

iPhone

iPhones are usually more difficult to spy on. Their security system is more robust, and performing a jailbreak will be difficult. Yet, it’s not impossible. Check your iPhone for the Cydia app. This app promotes iPhone customization. If you find it, chances are someone has performed a jailbreak on your iPhone and a spy app is in there somewhere. If you’re looking for how to block spyware on the iPhone, you might be disappointed.

The only way to reverse a spyware attack is to perform a factory reset to remove the spy app and jailbreak.

What Are Smartphone Surveillance Apps?

Smartphone surveillance apps are software that helps you keep tabs on people’s phone habits remotely. With a spy app installed on someone’s phone, you can view their text messages, monitor their calls, and spy on their social media apps, including Facebook, Twitter, and Instagram. You will also be able to monitor their location through a GPS location feature.

 

Is it illegal to spy on someone? Technically, it is. But some of these apps are parental software that parents use to monitor their kids. So even though spying on someone is illegal, spy apps are not. Currently, there are several spy apps on the market. If you wish to know more, read about the top Android spy software.

Conclusion

Can someone hack your iPhone? Absolutely. Whether you’re using an iPhone or Android device, you can be hacked. But how can you protect your phone from spying? The only way is to block spy apps on your phone.