October 1, 2023

Beware of ‘SafeChat’: A Fake Android Chat App Exploiting WhatsApp Users in South Asia

A new cyber threat has emerged in South Asia, where hackers are targeting WhatsApp users with a sophisticated fake Android chatting app named ‘SafeChat’. Researchers at the cyber-security firm Cyfirma have discovered this advanced Android malware, which poses a serious risk to individuals in the region. The attackers behind the malware, known as APT Bahamut, are employing deceptive tactics to steal sensitive data directly from WhatsApp conversations.

The Modus Operandi of the Fake App:

The ‘SafeChat’ app is being distributed through WhatsApp, and its devious design aims to lure victims into installing the fake chat application. Cybercriminals are using phishing messages on WhatsApp to circulate links for installing the app, tricking users into believing they are transitioning their conversations to a more secure platform.

Upon installation, the malicious app assumes the guise of a legitimate chat application, featuring a deceptive user interface and an authentic-looking registration process. These elements add to the app’s credibility and make it appear genuine to unsuspecting users.

However, behind its deceptive façade lies a more sinister agenda. Once the app is launched, it prompts users to grant multiple permissions, including access to Accessibility Services, contacts list, SMS, call logs, external device storage, and precise GPS location data. The app also persuades users to exempt it from Android’s battery optimization system, ensuring it can run undetected in the background.
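The permission set described above can be checked for before an app is trusted. The following is an added example, not code from Cyfirma or from the original article: it audits an Android manifest that has already been decoded to text XML (for example with apktool) and flags the combination of an Accessibility service with the data-access permissions listed. The sample manifest, the group names and the threshold of four groups are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Permission groups named in the article, mapped to real Android permission names.
RISKY = {
    "contacts": {P + "READ_CONTACTS"},
    "sms": {P + "READ_SMS", P + "RECEIVE_SMS"},
    "call_logs": {P + "READ_CALL_LOG"},
    "external_storage": {P + "READ_EXTERNAL_STORAGE", P + "WRITE_EXTERNAL_STORAGE"},
    "precise_location": {P + "ACCESS_FINE_LOCATION"},
    "battery_exemption": {P + "REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"},
}
# Constructed sample manifest; package and service names are hypothetical.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.chat">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission
      android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

def audit_manifest(xml_text):
    """Return the sorted list of risky capability groups the manifest declares."""
    root = ET.fromstring(xml_text)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    hits = {group for group, perms in RISKY.items() if perms & requested}
    # An Accessibility service is declared on a <service>, not via <uses-permission>.
    for svc in root.iter("service"):
        if svc.get(ANDROID + "permission") == P + "BIND_ACCESSIBILITY_SERVICE":
            hits.add("accessibility_service")
    return sorted(hits)

def is_suspicious(xml_text, threshold=4):
    """Flag an Accessibility service combined with several data-access groups."""
    hits = audit_manifest(xml_text)
    return "accessibility_service" in hits and len(hits) >= threshold

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST), is_suspicious(SAMPLE_MANIFEST))
```

A chat app may legitimately request some of these permissions; the flag is a prompt to review the app's source and behaviour, not a verdict.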

The Grave Threat to User Data:

Once users grant these permissions, the hackers gain full control over the infected device. The malware is suspected to be a variant of “Coverlm,” enabling it to steal data from a range of messaging apps, including Telegram, Signal, WhatsApp, Viber, and Facebook Messenger. The hackers can now eavesdrop on sensitive conversations, access private files, and compromise personal information stored on the device.

Infiltration by the APT Bahamut Group:

Cyfirma’s technical analysis points to APT Bahamut, the same threat actor behind a previously identified malware distributed through the Google Play Store, known as ‘DoNot’. The new malware, however, poses a higher level of threat as it requires more permissions and can target a wider range of messaging platforms.

The Need for Vigilance:

As cyber threats continue to evolve, users must remain vigilant to protect themselves from such malicious attacks. Avoid downloading apps from untrusted sources or clicking on suspicious links, especially on messaging platforms. Regularly update your device’s software and employ strong security measures, such as using reputable antivirus software and enabling two-factor authentication.

By staying informed and practicing safe digital habits, users can fortify their defenses against cyber threats like ‘SafeChat’ and ensure their digital safety in an ever-evolving digital landscape.