Security researchers say a batch of Android apps hiding a remote access trojan can record audio, steal messages and siphon sensitive data. If you use Android, this one’s worth a quick security sweep.
What happened
Researchers at ESET discovered a group of malicious Android apps carrying a remote access trojan (RAT) known as VajraSpy. These apps — disguised as chat or news tools — can record conversations, steal WhatsApp and Signal messages, and pull contact lists or other personal data. Six were briefly available on Google Play before removal, while others circulated through third-party stores and file-sharing sites.
The main details
- Malware type: VajraSpy, a RAT linked by ESET to the Patchwork APT group.
- How it spreads: Attackers used fake messaging or news apps promoted via social engineering, including romance or “honeytrap” tactics, especially targeting users in Pakistan and India.
- What it can do: The malware can secretly record ambient audio, read text messages and call logs, collect phone data, and upload stolen information to remote servers.
- Scale: Although the number of installs appears small (in the thousands or fewer), these attacks are designed for targeted surveillance, not mass infection.
Why it matters
Even if you’re not in the regions most affected, this campaign is worth noting for a few reasons:
- App store gaps: Malicious apps still occasionally slip through Play Store reviews before being removed. A listing on Google Play doesn’t automatically mean it’s safe.
- Targeted espionage: APT spyware focuses on persistence and stealth — it hides well and quietly exfiltrates data over time.
- Overlooked permissions: Many users grant microphone, SMS, and file access without hesitation — exactly the permissions spyware exploits.
What to do right now
Don’t panic — just take a few quick steps to check your phone:
- Go to Settings → Apps and look for any unfamiliar messaging or news apps. Delete anything suspicious or from unknown developers.
- Review app permissions. Remove microphone, SMS, or contacts access for apps that don’t need them.
- Watch your phone’s battery and data usage — unexplained spikes may indicate hidden background activity.
- Run a scan using a reputable mobile security app that detects RATs like VajraSpy.
- Reinstall only from trusted sources like the Play Store, checking developer names, ratings, and review patterns.
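The permission review above can also be done in bulk from a computer with USB debugging enabled. The script below is an added example, not code from ESET or from this article: it parses the text produced by `adb shell dumpsys package` and lists apps that were not installed by Google Play and hold several of the permissions named above. The package names and the sample dump are constructed, and the field layout is an assumption that can differ between Android versions.

```python
import re
import sys

# Permissions the article singles out (microphone, SMS, contacts, call logs).
SENSITIVE = {"android.permission." + p for p in
             ("RECORD_AUDIO", "READ_SMS", "READ_CONTACTS", "READ_CALL_LOG")}
PLAY_STORE = "com.android.vending"

# Constructed sample modelled on `dumpsys package` output; not from a real device.
SAMPLE = """\
Packages:
  Package [com.example.chatnow] (1a2b3c):
    installerPackageName=null
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET]
        android.permission.READ_SMS: granted=true, flags=[ USER_SET]
        android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET]
  Package [com.example.weather] (4d5e6f):
    installerPackageName=com.android.vending
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.ACCESS_COARSE_LOCATION: granted=true, flags=[ USER_SET]
        android.permission.RECORD_AUDIO: granted=false, flags=[ USER_SET]
"""

def audit(dump):
    """Return {package: {"installer": str, "granted": set}} for apps holding sensitive grants."""
    apps, current = {}, None
    for line in dump.splitlines():
        if m := re.match(r"\s*Package \[([\w.]+)\]", line):
            current = apps.setdefault(m[1], {"installer": "unknown", "granted": set()})
        elif current and (m := re.match(r"\s*installerPackageName=(\S+)", line)):
            current["installer"] = m[1]
        elif current and (m := re.match(r"\s*([\w.]+): granted=true", line)):
            if m[1] in SENSITIVE:
                current["granted"].add(m[1])
    return {p: a for p, a in apps.items() if a["granted"]}

def review_first(report, threshold=2):
    """Packages not installed by Google Play that hold `threshold` or more sensitive grants."""
    return sorted(p for p, a in report.items()
                  if a["installer"] != PLAY_STORE and len(a["granted"]) >= threshold)

if __name__ == "__main__":
    # Usage: adb shell dumpsys package > dump.txt ; python audit.py dump.txt
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for pkg in review_first(audit(text)):
        print("review:", pkg)
```

A hit is a prompt to look at the app by hand, not a malware verdict: legitimate sideloaded apps will appear, and the article notes that some VajraSpy apps were on Google Play, so the full `audit()` report is worth reading too.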
Good habits for the long term
- Limit sensitive permissions to “only while using the app.”
- Keep Android and all apps updated to close known vulnerabilities.
- Avoid sideloading APKs from unknown sites; stick to verified developers.
- Use encrypted messaging apps like Signal and enable features such as screen locks and encrypted backups.
What stands out about this case
Low numbers, big impact: Even small-scale campaigns can be significant. Targeted spyware often focuses on journalists, activists, or government workers, so install counts don’t tell the full story.
Social engineering at the core: The attackers relied heavily on fake identities and manipulated trust. Awareness — being cautious about unknown contacts, unsolicited app links, or “too good to be true” offers — is one of the strongest defenses.
The takeaway
ESET’s report is a reminder that mobile threats today are quiet, focused, and capable of serious data theft. Take a moment to audit your apps and permissions, uninstall anything suspicious, and keep your phone software up to date. If something feels off, back up your data and consider a full reset — then change passwords from a clean device.
Have you ever discovered a suspicious app or malware alert on your phone? Share what helped you spot it in the comments.




