More Android apps riddled with malware spotted on Google Play


An Android remote access trojan (RAT) known as VajraSpy was found in 12 malicious applications, six of which were available on Google Play from April 1, 2021, through September 10, 2023.

The malicious apps, which have now been removed from Google Play but remain available on third-party app stores, are disguised as messaging or news apps.

Those installing the apps became infected with VajraSpy, allowing the malware to steal personal data, including contacts and messages, and depending on the granted permissions, even to record their phone calls.

ESET researchers who uncovered the campaign report that its operators are the Patchwork APT group, which has been active since at least late 2015, primarily targeting users in Pakistan.

In 2022, the threat actor unintentionally revealed details of their own campaign when they accidentally infected their infrastructure with the ‘Ragnatela’ RAT, a tool they were employing at the time. This misstep provided Malwarebytes with a window into Patchwork’s operations.

The link between VajraSpy and the activity cluster that ESET identifies as Patchwork was first established by QiAnXin in 2022 (attributing to APT-Q-43), followed by Meta in March 2023, and Qihoo 360 in November 2023 (attributing to APT-C-52).

Android espionage

ESET researcher Lukas Stefanko found 12 malicious Android applications containing the same VajraSpy RAT code, six of which were uploaded on Google Play, where they were downloaded roughly 1,400 times.

The apps that were available on Google Play are:

  1. Rafaqat رفاقت (news)
  2. Privee Talk (messaging)
  3. MeetMe (messaging)
  4. Let’s Chat (messaging)
  5. Quick Chat (messaging)
  6. Chit Chat (messaging)

VajraSpy apps available outside Google Play are all bogus messaging apps:

  1. Hello Chat
  2. YohooTalk
  3. TikTalk
  4. Nidus
  5. GlowChat
  6. Wave Chat

Timeline of the campaign and apps used (ESET)

Third-party app stores do not report download counts, so the number of people who have installed them through these platforms


Google Play begins warning users if an app is riddled with problems

What you need to know

  • People have begun seeing Google Play’s new warning about apps with performance problems.
  • This warning will display if other users with an Android model similar to yours have experienced a rash of problems with an app.
  • If an app’s crash rate is above 8% on any given phone model, every owner of that phone will see a warning, likely to steer them away until it is fixed.

Google seems to have taken more action to warn its users about apps that just aren't cutting it.

Mishaal Rahman tweeted about the appearance of this new warning about apps that might stop working on your phone (via Android Police). The new warning for users is backed by data that Google has gathered about the technical performance of an app on devices similar to the one you own.

What’s more, it seems Google had plans to introduce this new warning system for the Play Store back in October. According to an Android Developers Blog post, Google’s per-phone-model quality bar was introduced because some apps were working perfectly fine on some Android models but not on others. This brought about a “bad behavior threshold” that Google hopes developers will keep their apps under.

The threshold was set at 8% for the user-perceived crash rate and the user-perceived ANR rate. Anything over this will trigger the warning about the app on the Play Store, which has started showing up for some users.
