cybercriminals have distributed a application of fraudulent chat call SafeChatthat contains a ‘spyware’ able to steal call logsaccess the text messages and to the locations of the infected phones.
They have been able to find out CYFIRMA researchers, who have located this type of attacks in the South Asian region, where it would be operating the group of APT Bahamut, a group to which link this fraudulent appalthough “traces of techniques used by DoNot APT” have also been detected.
We recommend you: Little bird from Twitter could return to your hands with a simple trick
This new malwareidentified as Coverlm, exhibits a similar mechanism to another of DoNot APT distributed via Google play. Unlike the latter, however, “has more permissions and therefore presents a higher threat level”, according to the cybersecurity firm.
Coverlm is integrated into the chat app fraudulent SafeChat, which in turn is distributed through WhatsApp and that allows threat actors extract all the information necessary of the infected devices before they realize that it is a fraudulent ‘app’.
According to CYFIRMA research, once a installed this application, is placed in the main menu with a shortcut icon. Once open, it notify user that you are starting a application of secure chat.
Then it prompts the user that enable a permission to optimize the battery while it is being used, as well as for allow its operation in the background. In that way, the app will continue to work regardless of whether it has minimized or closed. In addition, this permit will allow the command and control is communicate freely with the app.
SafeChat will open, once granted these permissionsa registration page in which a form with fields like ‘name’, ‘Username‘, ‘password’ and ‘Confirm Password‘. After completing it, the ‘app’ returns to request permission express of the victim.
Take a look: Instagram will start tagging content generated by AI
According to him analysis this security signatureThis application fraudulent is able to do a location trackingcollect and archive victim dataaccess and save the call log and SMS messages, as well as knowing the updated contact list.