Up next
Author

ANDROID users have been alerted to fake VPN apps which are capable of stealing information from WhatsApp.

Hackers have come up with a dummy site designed to trick people into installing malicious data-hungry apps.

Hackers have made a fake site for SecureVPN

1

Hackers have made a fake site for SecureVPNCredit: ESET

They use and abuse the real SecureVPN name to reel victims in.

Once installed, the hackers can get hold of contacts, text messages, recorded phone calls, and even chats from popular apps.

It takes advantage of accessibility services on your device to keep track of the keys you tap.

This effectively means a cyber criminal could actively spy on anything you send via WhatsApp, Facebook Messenger, Telegram or just about any other popular messaging platform.

Code to spot for £600 cost of living payment landing in bank accounts from today
I have UPVC door, there’s a switch to make it less draughty this winter

The campaign has been attributed to an infamous cyber-mercenary group called Bahamut ATP.

They’re known for offering hack-for-hire services, mainly aimed at specific entities and individuals in the Middle East and South Asia.

As well as a fake version of SecureVPN, the hackers also created ripoffs of SoftVPN and OpenVPN, experts at ESET revealed.

And they say it’s still active at the moment.

“Most read in Tech

“It uses the same method of distributing its Android spyware apps via websites that impersonate or masquerade as legitimate services, as has been seen in the past,” ESET explained.

“Further, the spyware code, and hence its functionality, is the same as in previous campaigns, including collecting data to be exfiltrated in a local database before sending it to the operators’ server, a tactic rarely seen in mobile cyberespionage apps.”

They added: “The campaigns using the fake SecureVPN app try to keep a low profile, since the website URL is most likely delivered to potential victims with an activation key, which is not provided on the website.

“Unfortunately, we were not able to obtain a working key.”

Although Google‘s open approach to Android means you can download apps anywhere you like, it’s widely regarded as risky.

Millions of iPhone and Android owners warned over dangerous 'red flags'
Android phone owners warned over four apps that empty your bank – delete them now

It’s better not to install apps from outside the Google Play Store as they don’t go through same vetting process.

However, even on the Google Play Store some dodgy apps slip through the net, so be sure to read reviews and check that the provider appears legit.

Best Phone and Gadget tips and hacks

Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered…

We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]

This post first appeared on Thesun.co.uk

You May Also Like

This Chinese EV Sells At Just Over $5,000. So We Tried It

A distinct whine from the electric motor accompanies you as you drive…

Xbox Series X Mini Fridge is available NOW: Where to buy in the UK and US

IT’S not often an item appears on the gaming market that you…

Silicon Valley’s biggest titans all started at the same place – meet ‘The PayPal Mafia’ still shaping the world today

THE STORY of Silicon Valley can’t be told without PayPal bridging the…

34 Best Apple Black Friday Deals (2022): Apple Watch, iPads, AirPods

Apple isn’t holding a Black Friday weekend sale per se, but it…