A serious new warning this week, urging Android users to check their phones for a set of very dangerous apps that not only steal personal data but can also record phone calls. If you have any of these installed, remove them immediately.
This is the latest such warning for malicious apps on both Google’s Play Store and the “user beware” third-party Android app stores.
The Vajraspy Remote Access Trojan (RAT) was identified by ESET’s research team, which “named twelve Android spying apps that share the same malicious code,” six of which were “available on Google Play,” according to its Despite the defense.
ESET attributes the RAT to the Patchwork APT group in Asia. The team says the apps were advertised as messaging tools in addition to news apps – Vajraspy has a range of spying functionalities that can be expanded depending on the permissions granted to the app bundled with its code . It steals contacts, files, call logs and SMS messages, but some of its implementations can also extract WhatsApp and Signal messages, record phone calls and take photos.
While there were very few installs from the Play Store, mostly limited to Asia, it is not known how many apps were downloaded from third-party stores. Google’s official store is far more secure than the alternatives, but the fact that these apps made it to the Play Store in the first place should be cause for concern.
These apps appear to be more targeted than other recent malware warnings. Users were often sent links through chat apps under the guise of online romance. But the apps are also available on stores for anyone to install.
Other malware-containing apps that have surfaced recently have been downloaded millions of times. The full list of dangerous apps can be found below.
This is the third such Android warning in recent weeks, following the SpyLoan and Xamalicious reports. And it matches the current spotlight on App Store security. Apple has repeatedly insisted on opening up its own ecosystem to third-party stores for security reasons. Now it is being forced to do so through Europe’s Digital Markets Act (DMA). Such stories will not provide much comfort.
Users should also check out Spylone and Zamalicious apps as well as Vajraspy, which are detailed below. They should also look for any so-called “copycat apps” hidden on their phones. Even though all these apps have been removed from the Play Store, some are still available and may not have been automatically removed.
Vajraspy:
- hello chat
- Sound off
- meet me
- house of diseases
- Rafaqat News
- TIC Toc
- wave chat
- prive talk
- shine shine
- lets chat
- NioNio
- instant chat
- yoho talk
Xamalicious:
- Essential Horoscope for Android
- 3D Skin Editor for Minecraft PE
- logo maker pro
- auto click repeater
- Calculate Easy Calorie Calculator
- sound volume amplifier
- letterlink
- Numerology: Personal Horoscope and Number Predictions
- Step Keeper: Easy Pedometer
- track your sleep
- sound volume booster
- Astrological Navigator: Daily Horoscope & Tarot
- universal calculator
Detective Loan:
- aa credit
- amor cash
- guayabacash
- EasyCredit
- cash flow
- credibus
- flashloan
- Prestmoscredito
- Prestomos de Credito-Yumicash
- go credito
- instantanio prestamo
- cartera grande
- rapido credito
- finup loan
- 4s cash
- TrueNaira
- easycash
As I’ve said repeatedly, the dangers of sideloading will be hotly debated until 2024, well before Apple’s change in the iOS 17 update and then the change in iOS 18.
When Apple begins to move beyond its App Store exclusivity, I suspect we’ll see more focus on vulnerabilities in the Android ecosystem, where finding the right balance between option and risk is proving impossible.
In addition to being wary of unofficial app stores, ESET strongly recommends installing apps via links sent via chat apps. “Cyber criminals use social engineering as a powerful weapon. We strongly recommend not clicking on any links to download applications sent in chat conversations.
I would go further and advise against accidental downloads Any Apps on your phone, unless you trust their origin and their developer. Once installed and with plenty of permission abuse, apps can potentially access everything on your device, the keys to your private life.
In the meantime, check your phone for the 40+ apps above, and maybe start deleting casual apps you’ve collected over the years and no longer use. This is good practice, especially at this time, and you will be advised to do some housekeeping.