The Indian APT group Patchwork, known for its targeted spear phishing cyberattacks against Pakistanis, has been caught abusing Google Play to distribute six different Android espionage applications posing as legitimate messaging and news services. In reality, they come loaded with a newly discovered remote access Trojan (RAT) called VajraSpy.
Researchers from ESET who uncovered the campaign found that the VajraSpy RAT intercepts calls, SMS messages, files, contacts, and more, according to the security firm’s Patchwork report this week. It can also extract WhatsApp and Signal messages, record phone calls, and take camera pictures. In total, the researchers found the RAT-tainted applications had been downloaded from the Google Play store more than 1,400 times.
In addition to the six Google Play apps being used to deliver VajraSpy, the ESET team found an additional six being distributed in third-party/unofficial app stores. The phony apps go by names that include Privee Talk, MeetMe, Let’s Chat, Quick Chat, Rafaqat, and Faraqat.
“Based on several indicators, the campaign targeted mostly Pakistani users: Rafaqat رفاقت, one of the malicious apps, used the name of a popular Pakistani cricket player as the developer name on Google Play; the apps that requested a phone number upon account creation have the Pakistan country code selected by default; and many of the compromised devices discovered through the security flaw were located in Pakistan,” according to the report.
To lure victims into downloading the apps, the cybercriminals used the promise of love in targeted attacks, the report found.
“To entice their victims, the threat actors likely used targeted honey-trap romance scams, initially contacting the victims on another platform and then convincing them to switch to a trojanized chat application,” ESET’s report added.
ESET reported the apps to Google, and they have been removed from the Play store.