Hackers are exploiting WhatsApp users in South Asia, particularly in India, by using a fake Android chat app named 'SafeChat' to steal data through malicious payloads delivered via WhatsApp chat. Cybersecurity firm Cyfirma discovered this advanced Android malware targeting individuals in the region. The attack was attributed to APT Bahamut, which has targeted Khalistan supporters and posed an external threat to India. The malware is suspected to be a variant of "Coverlm," capable of stealing data from popular communication apps like Telegram, Signal, WhatsApp, Viber, and Facebook Messenger.
Upon installation, the app named "Safe Chat" appears on the main menu, presenting itself as a secure chatting app. Once opened, a pop-up message prompts the user to allow permissions, initiating the hacker's attack. The app's deceptive user interface tricks users into believing its authenticity while extracting crucial information before users realize it is a fake app.
WhatsApp
Cyfirma reported that the APT group most likely operates within Indian territory based on its past and present targets, which include military establishments in Pakistan and individuals in Kashmir. The new Android spyware is linked to the notorious APT group known as 'DoNot,' but it possesses more permissions, making it a greater threat.
ALSO READ: India is in Apple's top five smartphone markets: Report
The attack underscores the importance of being cautious while downloading apps and granting permissions on Android devices. Users are advised to only download apps from official app stores and to verify app permissions before granting access to sensitive data. Regularly updating devices with the latest security patches is also crucial in preventing such attacks. Additionally, staying vigilant and being aware of potential phishing attempts and suspicious activities can help users protect their data and privacy from malicious actors.
ALSO READ: Bharti Airtel clears Rs 8,024 crore spectrum liabilities through prepayment
Inputs from IANS
