Android spyware found hiding out in Play Store; delete these two apps now!

1comment
Android spyware found hiding out in Play Store; delete these two apps now!
A pair of malicious apps were discovered in the Google Play Store recently by cybersecurity firm Cyfirma. The latter said that the apps were used by state-sponsored threat actors to collect location data and contact lists from targeted devices. Cyfirma, with medium confidence, says that the attack comes from a hacking group in India called "DoNot." The attacks have been spotted in Pakistan.

The two apps in the Play Store are nSure Chat and iKHfaa VPN. The latter copied code from a legitimate app called Liberty VPN (virtual private network used by those browsing the internet to avoid being tracked) and added additional code to access and collect the contacts list and discover the location of the target. The app also continued tracking the location of the target in real-time.


While most VPNs do not ask for permission to use location and contacts, iKHfaa VPN does. This made Cyfirma suspicious enough to dig deeper to find that "DoNot" was the attacker behind the malware. When installing the VPN app, it would also show a pop-up asking users to "turn on device location, which uses Google's location service. If the GPS on the targeted person's phone is on and active, the malicious app will be able to figure out the current location of the target. If not, the previous location will appear.


The two aforementioned apps, and a third one from the same developer (which does not appear to be malicious), remain in the Google Play Store. If you have either one installed on your phone no matter where you live, make sure to uninstall them as soon as possible. The name of the developer is SecurITY Industry and the number of downloads for the malicious apps is low which means that they are aimed at specific targets even though they appear in Google's app storefront.


Remember, one of the best ways to prevent yourself from installing a malicious app on your phone to read the comments section. Look for red flags such as complaints from those who installed the app about their phones running too hot, running too slow, and suffering from rapid battery depletion. These are some of the signs that should make you run away from an app instead of installing it.

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless