Fake Chat App On Android Steals Signal and WhatsApp Data

Fake chat apps are on Android, stealing data.

CYFIRMA researchers recently uncovered a new Android malware campaign targeting users through a deceptive chat app called ‘Safe Chat, The attackers employ WhatsApp phishing to lure victims into downloading the fake app.

Once installed, the app gains the user’s trust with authentic-looking pages and permission requests. In the background, however, the app’s malware silently infiltrates the devices.

The app tricks users with a “Initializing secure connection” landing page, convincing them it is a secure chat app. It then requests various permissions, including battery optimization and running in the background. Upon granting these permissions, users encounter a login page, followed by a request for Accessibility settings permission. Granting this access allows the malware to record the screen without the user’s knowledge.

The app cleverly conceals its malicious activity, displaying a dummy page for adding contacts and chatting while actually accessing dangerous permissions like location, contacts, SMS messages, file storage, and call logs. Additionally, the malware interacts with other chat apps, potentially stealing data from WhatsApp, Signal, Telegram, or Facebook Messenger. report said

South Asian users are among the victims

The researchers traced this malicious campaign back to APT Bahamut, a threat actor group known for targeting users in South Asia and the Middle East since 2017. CYFIRMA highlighted that Bahamut’s activities are similar to the state-backed Indian threat actor group “DoNot.” This campaign likely spread through WhatsApp, so users should avoid interacting with links from unknown sources. Beware of abrupt links, app invites, or attachments from known sources or contacts. Confirm the message’s legitimacy through other means before clicking the link or accepting an app invite to prevent this malware attack.for more similar News