In an alarming development, Android users have been targeted by a deceptive chat app that poses as a secure messaging platform but secretly installs spyware on vulnerable smartphones. The fake Android app, aptly named ‘SafeChat,’ claims to offer end-to-end encrypted chats, enticing unsuspecting users with promises of enhanced security. However, beneath its convincing facade lies a dangerous trap set by hackers to pilfer sensitive data, including call logs, text messages, and GPS locations from infected devices.
SafeChat was discovered by cybersecurity researchers at CYFIRMA, a prominent firm based in Singapore. In their detailed report, the researchers attribute this malicious campaign to the advanced persistent threat (APT) hacking group known as ‘Bahamut.’ Interestingly, similarities with another Indian state-sponsored threat group, ‘DoNoT APT,’ have been noted, raising concerns about the extent of these spyware operations.
The Bahamut group has a history of deploying malevolent apps, and previously, they distributed fake VPN apps embedded with extensive spyware capabilities. Now, their latest creation, SafeChat, targets users primarily in South Asia. However, the potential for expansion remains, with the possibility of them targeting users in the U.S. and Europe, as has been observed with other malicious apps.
SafeChat adopts the guise of an authentic encrypted messaging app, effectively duping new users into believing it is a legitimate platform. The registration process adds an air of credibility, masking its true purpose as spyware. During installation, SafeChat prompts users to grant access to Accessibility Services, a crucial step in gaining more permissions for the spyware. Once the user approves, the malicious app can reach sensitive data such as contacts, call logs, text messages, GPS location, and storage contents on infected smartphones.
Further investigation of SafeChat’s Android Manifest file by CYFIRMA’s researchers revealed that the app is designed to interact with other chat apps installed on compromised devices, including popular platforms like Telegram, Signal, WhatsApp, Viber, and Facebook Messenger. This allows the spyware to pilfer data from these legitimate apps and send it back to a command and control (C&C) server operated by the hackers, enabling them to access confidential information.
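The manifest review described above can be approximated with a short triage script. This is an added example, not code from CYFIRMA’s report or from the SafeChat app: it assumes the manifest has already been decoded to text XML, that references to other messengers appear as `<queries>` package entries, and the sample manifest, the `triage` function and its review threshold are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for hostile samples, defusedxml is the safer parser

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"
SENSITIVE = {  # permissions covering the data types the article lists
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_SMS": "text messages",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
    "android.permission.READ_EXTERNAL_STORAGE": "storage contents",
}
MESSENGERS = {  # package names of the chat apps the article names
    "org.telegram.messenger": "Telegram",
    "org.thoughtcrime.securesms": "Signal",
    "com.whatsapp": "WhatsApp",
    "com.viber.voip": "Viber",
    "com.facebook.orca": "Facebook Messenger",
}
# Constructed sample manifest, not taken from the SafeChat APK.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.chat">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <queries>
    <package android:name="com.whatsapp"/>
    <package android:name="org.thoughtcrime.securesms"/>
  </queries>
  <application>
    <service android:name=".HelperService" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

def triage(manifest_xml):
    """Summarise the risky capabilities a decoded manifest declares."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    data = sorted(SENSITIVE[p] for p in perms if p in SENSITIVE)
    a11y = [s.get(A + "name") for s in root.iter("service")
            if s.get(A + "permission") == BIND_A11Y]
    apps = sorted({MESSENGERS[p.get(A + "name")] for p in root.iter("package")
                   if p.get(A + "name") in MESSENGERS})
    # Heuristic (assumption): accessibility service + 2 or more sensitive data
    # types + references to other messengers together warrant manual review.
    return {"accessibility_services": a11y, "sensitive_data": data,
            "messengers_referenced": apps,
            "needs_review": bool(a11y) and len(data) >= 2 and bool(apps)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Each signal on its own is common in legitimate apps; the script flags only the combination, and a flag means the APK deserves a closer look, not that it is spyware.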
To protect yourself from such malicious chat apps, it is essential to exercise caution and vigilance. If someone you don’t know or don’t trust urges you to install a new chat app claiming enhanced security, be wary, as this could be a significant red flag. Avoid downloading or sideloading apps from unfamiliar sources or links, and instead, stick to official app stores like Google Play Store, Amazon App Store, or the Samsung Galaxy Store.
Furthermore, invest in one of the best Android antivirus apps to safeguard your smartphone from potential threats like spyware. While Google Play Protect is available for free on most Android phones and can scan existing and new apps for malware, premium antivirus apps provide more comprehensive protection and advanced features.
Hackers will continue to employ cunning tactics to deceive unsuspecting users, luring them into downloading malicious apps. However, your safety and security lie in being vigilant and cautious. By staying informed and exercising prudence while navigating the digital landscape, you can safeguard your Android device from potential threats posed by deceitful chat apps like SafeChat.