ANDROID users have been alerted to fake VPN apps which are capable of stealing information from WhatsApp.
Hackers have come up with a dummy site designed to trick people into installing malicious data-hungry apps.
1
They use and abuse the real SecureVPN name to reel victims in.
Once installed, the hackers can get hold of contacts, text messages, recorded phone calls, and even chats from popular apps.
It takes advantage of accessibility services on your device to keep track of the keys you tap.
This effectively means a cyber criminal could actively spy on anything you send via WhatsApp, Facebook Messenger, Telegram or just about any other popular messaging platform.
The campaign has been attributed to an infamous cyber-mercenary group called Bahamut ATP.
They’re known for offering hack-for-hire services, mainly aimed at specific entities and individuals in the Middle East and South Asia.
As well as a fake version of SecureVPN, the hackers also created ripoffs of SoftVPN and OpenVPN, experts at ESET revealed.
And they say it’s still active at the moment.
“Most read in Tech
“It uses the same method of distributing its Android spyware apps via websites that impersonate or masquerade as legitimate services, as has been seen in the past,” ESET explained.
“Further, the spyware code, and hence its functionality, is the same as in previous campaigns, including collecting data to be exfiltrated in a local database before sending it to the operators’ server, a tactic rarely seen in mobile cyberespionage apps.”
They added: “The campaigns using the fake SecureVPN app try to keep a low profile, since the website URL is most likely delivered to potential victims with an activation key, which is not provided on the website.
“Unfortunately, we were not able to obtain a working key.”
Although Google‘s open approach to Android means you can download apps anywhere you like, it’s widely regarded as risky.
It’s better not to install apps from outside the Google Play Store as they don’t go through same vetting process.
However, even on the Google Play Store some dodgy apps slip through the net, so be sure to read reviews and check that the provider appears legit.
Best Phone and Gadget tips and hacks
Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered…
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]
This post first appeared on Thesun.co.uk
