Despite Google’s best efforts, cybercriminals are still coming up with ways to get their malicious apps onto the Play Store and remain there undetected.
As reported by BleepingComputer, a remote access trojan (RAT) called VajraSpy was discovered in 12 different malicious apps, though only six of them were available to download directly from the Google Play Store. The other six were distributed through unofficial, third-party app stores.
Regardless of where you might have downloaded one of these bad apps from, once they found their way onto one of the best Android phones, they install the VajraSpy malware. It's capable of extracting a victim’s contacts, text messages, call logs, device location, a list of installed apps as well as pictures, PDFs, documents and other files with specific extensions.
Here’s everything you need to know about this latest batch of malicious apps including how to remove them from your own Android smartphone.
Delete these apps right now
According to a new report from the cybersecurity firm ESET, the six malicious apps discovered on the Play Store have now been removed. However, they were up on Google’s app store and available to download for more than two years between April of 2021 and September of 2023.
Even though these apps have now been removed, you will still need to manually uninstall them from your devices if you were tricked into installing them in the first place. Here are all 12 malicious apps along with where you might have downloaded them from:
Rafaqat - Play Store
Privee Talk - Play Store
MeetMe - Play Store
Let's Chat - Play Store
Quick Chat - Play Store
Chit Chat - Play Store
Hello Chat - third-party app store
YohooTalk - third-party app store
TikTalk - third-party app store
Nidus - third-party app store
GlowChat - third-party app store
Wave Chat - third-party app store
As ESET points out, Wave Chat is the most dangerous of these malicious because it abuses Android’s accessibility services. Upon launch, the app asks for users to grant it extra permissions; if this is done, the app can then record phone calls, record WhatsApp, Signal and Telegram calls, log keystrokes, take pictures using a device’s camera, record audio and scan for Wi-Fi networks.
From romance scam to malware infection
So how did the cybercriminals behind these malicious apps trick their victims into downloading and installing them in the first place? According to ESET’s investigation into the matter, this was done by using a romance scam to lure potential victims into installing these malware-filled apps.
If you’ve ever used one of the best dating apps before, then you’ve likely come across a potential match that tried to get you to move off the app and use another platform instead. While ordinary people might ask you to switch from a dating app to communicating via text message or even WhatsApp, a sure fire sign of a romance scam is when they encourage you to download, install and then chat on an app you’ve never heard of before.
When a scammer or even a cybercriminal already has their hooks into a potential victim, they might fall for something like this, especially when they think the person on the other end of their phone is genuinely interested in them. For this reason, you always want to be extremely careful when someone you’re courting on a dating app asks you to switch to another app or service. If they send you a link to download an app though, your best course of action is to turn and run; under no circumstances should you click on the link.
Even if the link doesn’t take you to a third-party app store, it could take you to a phishing page designed to steal your credentials or even your money. As difficult as it is to date in person these days, meeting people in real life as opposed to online may actually be the better option if you don’t want to get scammed when looking for love.
How to stay safe from Android malware
When it comes to avoiding malicious apps and Android malware, the first and most important thing you can do is to limit the number of apps on your smartphone while being careful when installing any new apps.
You’re going to want to stick to official app stores like the Google Play Store, Amazon Appstore and the Samsung Galaxy Store instead of sideloading apps. Apps downloaded as APK files from third-party app stores don’t go through the same level of security checks as those distributed through official app stores. However, malicious apps can slip through the cracks which is why I recommend limiting the number of apps on your phone overall and even then, good apps can still go bad.
Fortunately though, Google Play Protect, which comes pre-installed on most Android phones, automatically scans all of your existing apps and any new ones you download for malware. For extra protection though, you also might want to consider one of the best Android antivirus apps as many of them include additional security software like a VPN or even a password manager alongside malware protection.
As for this latest batch of malicious apps, a Google spokesperson provided further insight on them in an email to Tom’s Guide, saying:
"We take security and privacy claims against apps seriously, and if we find that an app has violated our policies, we take appropriate action. All of the reported apps are no longer on Google Play. Users are protected by Google Play Protect, which can warn users of apps known to exhibit this malicious behavior on Android devices with Google Play Services, even when those apps come from sources outside of Play."
Since cybercriminals are always coming up with new ways to deliver their malware though, this likely won’t be the last time we see malicious apps used to attack Android users. However, if you remain cautious — especially when talking to strangers online — and follow the guidance above, you should be able to steer clear of malicious apps and keep you and your data safe.