Wi-Fi, Love and Espionage: How India spied on Pakistan

Teacher

How a heart attack in a chat can result in a complete loss of privacy.

In a new malware campaign allegedly sponsored by the Indian government, hackers have targeted Pakistan, using romance scams to spread spyware.

A group called Patchwork created at least 12 malicious Android apps, including MeetMe, Let's Chat, Quick Chat, Rafaqat and others, which were distributed for some time through Google Play and other app stores. The apps were downloaded more than 1,400 times in total before Google designated them as malicious.

The spread of malicious software was reported by experts from the Slovak company ESET, specializing in cybersecurity and data protection.

Although some of the victims of the campaign were located in Malaysia and India, researchers believe that these users accidentally downloaded infected applications, while the main target of Patchwork was users from Pakistan.

Active since December 2015, the Patchwork hackers have previously targeted Pakistan with phishing attacks. This time, the attackers used romance scams, trying to "seduce" victims through legitimate communication channels and then convincing them to download malicious messengers, which they presented as more secure.

All identified apps required users to create an account and enter their phone number for verification via SMS. After infecting devices with the VajraSpy malware, the hackers were able to extract contacts, SMS messages, call logs, device location, a list of installed applications, and files with certain extensions.

More advanced malicious apps could also intercept messages from other apps, including WhatsApp and Signal. One of the applications reviewed by experts, Wave Chat, could even record phone conversations, including calls via WhatsApp, Signal and Telegram, as well as log keystrokes, take photos, record audio from the microphone and scan Wi-Fi networks.

ESET experts did not specify who exactly the hackers wanted to reach in Pakistan, but in previous campaigns, Patchwork attacked people with access to universities, research organizations and government agencies.
 