According to Mashable, ESET cybersecurity researchers have identified six malicious Android apps that secretly spy on users by recording conversations and extracting messages from WhatsApp and Signal. The apps used VajraSpy remote access trojan malware and were primarily targeted at users in India and Pakistan, with only around 1,400 total downloads. Researchers believe the threat actors used “honey-trap romance scams” to lure victims into installing the malware. One app called WaveChat could even record background audio when users weren’t actively using their phone’s microphone. The malicious apps included Privee Talk, MeetMe, Let’s Chat, Quick Chat, Rafaqat, and Chit Chat, though researchers noted the popular 100-million-download MeetMe app is unrelated to these spyware versions.
Sponsored content — provided for informational and promotional purposes.
Why this matters
Here’s the thing – we’ve all joked about our phones listening to us, but this is that fear made real. These apps weren’t just collecting basic data – they were actively recording conversations and pulling messages from encrypted apps like Signal and WhatsApp. That’s next-level invasive. And the fact that they managed to get onto the Google Play Store, even briefly, should make everyone pause. It’s not like these were sideloaded from some sketchy website – they passed through Google’s security checks. Makes you wonder how many other malicious apps slip through the cracks, doesn’t it?
The humans behind the hacks
The social engineering here is actually pretty sophisticated. Romance scams? That’s playing on real human emotions and vulnerabilities. And one app apparently used the name of a popular Pakistani cricket player to seem legitimate. That’s clever targeting – people are more likely to trust something associated with a celebrity they admire. ESET researchers linked this campaign to Patchwork APT, which is a known threat group in cybersecurity circles. This isn’t some random hacker in their basement – it’s organized, targeted espionage.
The bigger picture
This isn’t an isolated incident either. Back in October, ESET found spyware apps disguised as Signal targeting users in the UAE. There’s a pattern here – malicious actors are getting better at mimicking legitimate apps and slipping past store defenses. And while the download numbers here were relatively small, the technical capability is what’s concerning. An app that can record audio even when you’re not using the microphone? That’s scary stuff. Basically, we’re seeing the weaponization of everyday apps, and the average user has no way to tell the difference between the real thing and a clever imitation.
What you can do
So what’s the takeaway? Be incredibly careful about what permissions you grant apps. Does that random chat app really need access to your microphone and messages? Probably not. Stick to well-known apps from reputable companies, and even then, question whether they need all the access they’re asking for. And remember – just because something’s in an official app store doesn’t automatically make it safe. Google and Apple do their best, but threat actors are constantly evolving their methods. Your digital safety ultimately depends on your own skepticism and caution.
