In India, hackers are collecting WhatsApp users’ data through a bogus Android messaging app
Hackers are using a fake Android chatting app named ‘SafeChat’ to steal data from targeted individuals in South Asia, particularly in India. The Android malware was discovered by cybersecurity firm Cyfirma and is believed to be the work of APT Bahamut, a threat actor with possible ties to a nation-state government.
The APT Bahamut group has previously targeted Khalistan supporters and military establishments in Pakistan, aligning with the interests of a specific nation-state government. The Android spyware is suspected to be a variant of “Coverlm,” which is capable of stealing data from various communication apps like Telegram, Signal, WhatsApp, Viber, and Facebook Messenger.
The malware, disguised as the “Safe Chat” app, gains access to users’ data and personal information by deceiving them with a seemingly authentic user interface. The app requests permission upon installation, and once granted, the hackers can extract the necessary data discreetly, leaving the victim unaware that they are using a fake app.
Based on the targets and past activities, Cyfirma’s team suggests that the APT group operates within Indian territory. This indicates a serious cyber threat to individuals and organizations in the region, emphasizing the need for vigilance and cybersecurity measures.