The Indian APT group Patchwork, known for its targeted spear phishing cyberattacks against Pakistanis, has been caught abusing Google Play to distribute six different Android espionage applications posing as legitimate messaging and news services. In reality, they come loaded with a newly discovered remote access Trojan (RAT) known as VajraSpy.
Researchers from ESET who uncovered the campaign found that the VajraSpy RAT intercepts calls, SMS messages, data, contacts, and more, according to the security firm’s Patchwork report this week. The apps can also extract WhatsApp and Signal messages, record phone calls, and take camera pictures. In total, the researchers found the RAT-tainted applications were downloaded from the Google Play store more than 1,400 times.
In addition to the six Google Play apps being used to deliver VajraSpy, the ESET team found an additional six being distributed in third-party/unofficial app stores. The phony apps go by names that include Privee Talk, MeetMe, Let’s Chat, Quick Chat, Rafaqat, and Faraqat.
“Based on a number of indicators, the campaign targeted mostly Pakistani users: Rafaqat رفاقت, one of the malicious apps, used the name of a popular Pakistani cricket player as the developer name on Google Play; the apps that requested a phone number upon account creation have the Pakistan country code selected by default; and many of the compromised devices discovered through the security flaw were located in Pakistan,” according to the report.
To lure victims into downloading the apps, the cybercriminals used the promise of affection in targeted attacks, the report found.
“To entice their victims, the threat actors doubtless used targeted honey-trap romance scams, initially contacting the victims on another platform and then convincing them to switch to a trojanized chat application,” ESET’s report added.
ESET reported the apps to Google and they have been removed from the Play store.