Hackers are using a fake Android chatting app called 'SafeChat' to steal data from targeted individuals in South Asia, including India. (Unsplash)
Hackers are using a fake Android chatting app called 'SafeChat' to steal data from targeted individuals in South Asia, including India. (Unsplash) 
Science & Tech

Hackers stealing WhatsApp users' data in India via fake Android chat app

NewsGram Desk

Hackers are using a fake Android chatting app called 'SafeChat' to steal data from targeted individuals in South Asia, including India, via malicious payload delivered directly through WhatsApp chat.

Cyber-security firm Cyfirma obtained advanced Android malware targeting individuals in the South Asia region. The suspicious Android malware is a dummy chatting app.

"Our initial technical analyses revealed that APT Bahamut is behind the attack. The nature of this attack, along with previous incidents involving APT Bahamut, possibly indicate that it was carried out to serve the interests of one nation-state government," the report noted.

Notably, APT Bahamut has previously targeted Khalistan supporters, advocating for a separate nation, posing an external threat to India.

"The threat actor has also aimed at military establishments in Pakistan and individuals in Kashmir, all aligning with the interests of one nation state government," the security researchers indicated.

The Android spyware is suspected to be a variant of "Coverlm," which steals data from communication apps such as Telegram, Signal, WhatsApp, Viber, and Facebook Messenger.

The Android spyware is suspected to be a variant of "Coverlm," which steals data from communication apps such as Telegram, Signal, WhatsApp, Viber, and Facebook Messenger. (Unsplash)

This particular malware exhibits a similar operational mechanism to the previously identified malware (distributed through the Google Play Store by the notorious APT group known as 'DoNot').

However, the new malware has more permissions, and thus presents a higher level of threat.

After installation, a suspected app with the name "Safe Chat" appears on the main menu. After opening the app, the user is shown a landing page where the user is notified of operating a secure chatting app.

Upon opening the app, after fresh installation, the pop-up message instructs the user to allow permission, and the hackers' game begins.

The user interface of this app successfully deceives users into believing its authenticity, allowing the threat actor to extract all the necessary information, before the victim realises that the app is a dummy.

The Cyfirma team said that based on past and present targets, it strongly suggests that the APT group operates within Indian territory.

(IANS/SR)

Also Read

Bridging the Gap: From Frequent Molecular Changes to Observable Phenomena

Research shows for first time that a critically endangered bird is at a greater risk of being taken for captivity than through loss of habitat

Redefining Modern Office Desk Designs for Efficiency among Professionals

Swiss Sojourn: Simplifying Switzerland Business Visa Application for a Seamless Journey

Are Rare Carat Diamonds Sparkling with Purpose?