Researchers from ESET Security have found a malicious Android app actively targeting users. Named as Welcome Chat, the app poses as a secure messaging app to lure Android users, ultimately stealing their data.
Sharing the details in a blog post, the researchers described that they caught the app as part of a cyberespionage campaign.
In brief, analyzing the app revealed the presence of spying codes. Hence, they could deduce that the app stealthily spies on users while delivering the expected functionalities on the front.
Welcome Chat app primarily attracts users via a dedicated website built in the Arabic language. The site claims the app to be available on Google Play Store; however, it isn’t.
Moreover, the site also claims the app as a secure chat platform. Nonetheless, the researchers could find no security measures associated with the app.
In fact, whatever data it steals from the users, it leaves it all publicly available on the internet. It uploads all the data to the server via insecure HTTP, exposing the data to anyone.
Regarding its functionalities, the researchers described,
App Intentionally Designed As Spyware
At first, the researchers suspected the app to be a Trojanized version. However, investigating the matter further revealed that the developed intentionally designed this chat app as spyware. Explaining this behavior, the researchers stated,
Besides, the researchers suspect a possible link of this app with the Gaza Hackers group aka Molerats. It’s because this group ran a similar campaign targeting the Middle East back in 2017. At that time, they used the malware ‘BadPatch’.
For security, the researchers advise all users not to download any app from third-party sites except trusted developers. Moreover, users should remain careful about the permissions an app asks on their device. They should get rid of any app that behaves suspiciously.
For More Hacking News Click Here