SafeChat – The New Android Spyware Emerges

Android users have the privilege to download content from all kinds of sources across the web. However, as convenient as this is, it’s also quite dangerous, especially when a threat actor is hosting the page. Unfortunately, cybercriminals constantly find new ways to target victims, and this time around, it’s through an app called SafeChat.

Using spear-phishing messages, a certain malicious group is taking advantage of WhatsApp to spread spyware that steals GPS locations, call logs, and texts from phones.

SafeChat is promoted as a safe way to carry out conversations. However, as it turns out, it’s completely the opposite. How are the threat actors perfecting this attack? What’s at risk? Who’s behind it? Find out below.

SafeChat – Not Safe at All

As we mentioned, Android users have the freedom to get their applications from any source they might stumble upon.

This makes it easy for cybercriminals to conduct all sorts of malicious activities and infect their devices with malware.

Fake applications are everywhere, even within Android’s official library – Google Play Store. A while ago, users were bombarded with trojanized applications spread on Google Play.

Now, a fake app that goes by the name of SafeChat is making its way to Android phones via messages on WhatsApp that send malicious payloads directly to the victim.

Such tactics require social engineering skills, and apparently, the threat actors have perfected this technique.

When the users receive a link on WhatsApp, they head over to a webpage to download the SafeChat client. Once they do so, the entire malicious process begins.

When the user launches the app, it immediately prompts them to grant specific permissions in order to proceed. That comes before asking for credentials.

Finally, the users get to submit their credentials, and another pop-up says the app needs another permission to work properly.

According to the report by CYFIRMA, the Safe Chat Android app uses its permissions in the background with malicious intentions.

The cybersecurity firm also provided details on how each permission works. The table below showcases how each and every permission is dangerous if exploited for malicious activity:

[Image: permission table]

According to CYFIRMA, the group behind this attack is none other than APT Bahamut. The Indian APT hacking group is utilizing the malware to target individuals residing in South Asia.

Android Users Beware – Spyware is Everywhere

The Indian hacking group is out to get Android users in the South Asian region. Whatever you do, do not trust anyone who sends you links via social media.

This particular spyware steals data from communication apps such as Telegram, Signal, WhatsApp, Viber, and Facebook Messenger.

We all know that’s a lot of sensitive information to put at risk. Be careful and stay vigilant all the time.
