Researchers from ESET Security have uncovered a seemingly malicious app on Android that encroachers on users data. Here is everything you need to know to deal with these issues.
The researchers identified the app as "Welcome Chat" which cloaks as a secure messaging app to target Android users, but in fact, are present to "steal" their information. They published the details in a blog post, saying these are belonging to a campaign on cyberespionage, Express reported.
The researchers stated, "We discovered a new operation within a long-running cyber-espionage campaign in the Middle East. Targeting Android users via the malicious Welcome Chat app, the operation appears to have links to the malware named BadPatch, which MITRE links to the Gaza Hackers threat actor group known also as Molerats."
What does this imply?
The app could also be in the form of spyware, and in the presence of codes for spying Thus, they concluded that the app has the ability to spy on users as they pretend to deliver quality services upfront.
Instant messaging is changing the lives of many, except when there are security breaches.
This Welcome Chat app lures users in a dedicated website reportedly created in Arabic. Available via Google Play Store, the app was further studied by the researchers.
"The malicious website promotes the Welcome Chat app, claiming it's a secure chat platform that is available on the Google Play store. Both claims are false. In regard to the 'secure' claim, nothing is further from the truth. Not only is Welcome Chat an espionage tool; on top of that, its operators left the data harvested from their victims freely available on the internet. And the app was never available on the official Android app store," ESET Security reiterated in the blog.
Google Play Store
The website is said to be available on Google Play Store, and claims to be a secure instant messaging platform.
However, the researchers found there are no security terms and conditions relevant to the app. In fact, with the data it allegedly takes from the users, they may leave it publicly around the web. It reportedly posts the data to servers via insecure HTTP to expose the data to people.
Also Read: Astronomers Create Largest 3D Map of the Universe That Resolved a 'Troublesome Gap' About the Outer Space
Aaron Brown wrote on Express, "Clearly, this would be bad for any popular app. But one that specifically advertises itself on its ability to keep users' messages, calls, videos and files safe from prying eyes could lead users to send content they wouldn't otherwise trust within an app."
Also Read: China Says Huawei is 'the Future' But Its Stature is Actually Shaky Even in Southeast Asia [Reports]
Now looking at the app as a spyware, the researchers also suspected it to be a Trojan version. In their investigation, it has been revealed that the app was intentionally designed to cloak as a chat platform, but in fact a spyware.
How to avoid
To avoid being a victim, it is important to know how it may be in your devices. Once the user downloads apps, be sure to enable the setting "Allow installing apps from unknown sources" since this will prevent unknown apps from vehemently getting into your devices.
Soon after installation, the app may request permissions to access files, record audio, and access contacts from your location. Be wary of these. For more information about tech security, keep reading through the Tech Times website.
