Shillong, August 1: Hackers are using a fake Android chatting app called ‘SafeChat’ to steal data from targeted individuals in South Asia, including India.
The cyber-security firm Cyfirma discovered the advanced Android malware, which delivers a malicious payload directly through WhatsApp chat.
The attack has been linked to APT Bahamut, and previous incidents involving this group indicate that it may serve the interests of a specific nation-state government. APT Bahamut has targeted Khalistan supporters and posed an external threat to India, and has also targeted military establishments in Pakistan and individuals in Kashmir, a pattern that aligns with the interests of a nation-state government.
IANS reported that the Android spyware is suspected to be a variant of “Coverlm,” designed to steal data from communication apps like Telegram, Signal, WhatsApp, Viber, and Facebook Messenger. It operates similarly to previously identified malware from the notorious APT group ‘DoNot,’ but with more permissions, presenting a higher level of threat.
The malicious app, disguised as “Safe Chat,” appears genuine upon installation. Users are deceived into believing it is a secure chatting app until they unknowingly grant permission, allowing the threat actor to extract all necessary information. The app’s deceptive user interface successfully fools victims, making them unaware that the app is actually fake.
Based on the targets and evidence, Cyfirma strongly suggests that the APT group operates within Indian territory. This discovery highlights the importance of staying vigilant and cautious while using chatting apps and downloading any suspicious applications.