%20(4).png)
In a recent joint investigation, cybersecurity leaders Avast and Phone Arena uncovered concerning evidence that 12 apps available on the Google Play Store contain secretly embedded espionage software. This remote access Trojan, identified as VajraSpy, has the ability to infiltrate users’ devices and surveil them without consent.
The 12 apps in question are: Rafaqat, Privee Talk, MeetMe, Let's Chat, Quick Chat, Chit Chat, YohooTalk, TikTalk, Hello Chat, Nidus, GlowChat, and Wave Chat - have collectively amassed millions of downloads from unknowing users. On the surface, these apps appear to function as regular messaging platforms. In reality, they have been covertly utilizing VajraSpy to enable remote surveillance and data extraction once installed.
Equipped with permissions for camera, microphone, contacts and more, VajraSpy can secretly monitor users’ communications, geolocate devices, and extract sensitive personal information without triggering notifications or indications of its concealed activity. The software can even intercept calls and messages made through established secure platforms like WhatsApp and Signal.
In addition to privacy risks, the transmission of full device profiles and locations back to threat actors presents critical security vulnerabilities. Bad actors now have deep insight into victims’ online habits and physical whereabouts.
Avast has promptly issued warnings, strongly recommending all users immediately remove these apps and delete accounts associated with them. The threat landscape is continuously evolving, and espionage tools like VajraSpy exemplify the importance of vigilantly safeguarding personal data and consent when granting application permissions.
As technology advances, so too must our collective efforts to proactively identify deceptive practices that put user security and privacy at risk. Only by exercising heightened awareness and caution can we stay steps ahead of those seeking exploitative access through increasingly sophisticated means. Avast urges the public to heed this notice and take appropriate protective action.