WhatsApp Users in India Targeted by Fake App that Steals Data

Cyber attackers are using a fake Android app called “SafeChat” to infect devices with spyware malware. This malicious software steals WhatsApp users’ data, as well as other sensitive information such as call logs, texts, and GPS locations.

The spyware is a variant of “Coverlm,” which targets popular communication apps like Telegram, Signal, WhatsApp, Viber, and Facebook Messenger. The responsible hacking group is called “Bahamut,” an Indian APT group. They primarily carry out their attacks through spear-phishing messages on WhatsApp, delivering the malware payloads directly to victims in India and South Asia.

The deceptive tactics used by the attackers involve social engineering, where victims are convinced to install the fake chat app under the belief that it will provide a safer communication platform. The app’s user interface cleverly deceives users into thinking it is authentic, allowing the threat actor to extract information before victims realize the deception.

Here’s how the spyware steals information from smartphones:

• The hackers persuade victims to install the seemingly legitimate “SafeChat” app.
• Once installed, the app requests Accessibility Services permissions, granting itself additional access to the victim’s contacts, SMS, call logs, device storage, and GPS data.
• The app then seeks approval to exclude itself from Android’s battery optimization, enabling it to run in the background without the user’s active interaction.
• The app interacts with other chat apps already installed on the device, stealing data such as chat messages and media files.
• Stolen data is encrypted and sent to the attacker’s command-and-control server, ensuring anonymity and evading detection.

To protect yourself from SafeChat and similar malware on your Android device, follow these safety tips:

• Install Apps from Trusted Sources: Only download apps from official stores like Google Play Store to avoid malware risks.
• Check App Permissions: Be cautious of apps requesting unnecessary permissions unrelated to their functionality.
• Keep Your Device Updated: Regularly update your Android device to strengthen security with the latest software and patches.
• Use Security Apps: Install reputable antivirus or security apps to regularly scan your device for potential threats.