WhatsApp and Facebook users have been warned over an Android app which could steal your private texts.
A special breed of communications-stealing malware has been attacking the Google Play Store, according to cyber researchers at Cyfirma.
The malware works in a similar way to previously identified samples, but this variant has more permissions and presents more of a threat, according to the company.
The app successfully deceives its users and allows the threat actor to extract necessary information, before the victim realizes it is a dummy.
While the app has since been removed from the Play Store, it will remain on your Android if you downloaded it beforehand.
In this case you’ll have to delete the app, ironically called SafeChat, manually.
An Indian hacking group known as ‘Bahamut’ is thought to have injected the app with spyware which steals texts, call logs and GPS locations from phones.
The hacking circle has been active since 2017 and has targeted a wide range of platforms, including iOS, Android, and Windows, according to Cyfirma.
Last year, the group was linked to fake VPN apps for Android devices which were designed to extract sensitive user data and actively spy on victims’ messaging apps such as WhatsApp, Facebook Messenger, Signal, Viber and Telegram.
ESET researchers reportedly found at least eight versions of the Bahamut spyware, which, they said, could mean the campaign is well-maintained. The malicious apps were never available for download from Google Play.
The report warned: ‘If the Bahamut spyware is enabled, then it can be remotely controlled by Bahamut operators and can exfiltrate various sensitive device data, such as contacts, SMS messages, call logs, a list of installed apps, device location, device accounts.’
The software can also uncover device information, such as the type of internet connection, IP address or SIM serial number.
Tech experts at Cyfirma have not revealed how hackers lured people into downloading SafeChat.
But a common method is to suggest moving a conversation to a ‘more secure’ platform, according to BleepingComputer.
Cyber experts suspect Bahamut to have been working on behalf of a specific state government in India.
Experts at Cyfirma said Bahamut targets phones specifically in the South Asia region, but the app could have been downloaded by anyone in the world, putting more Android users at risk.