WhatsApp and Facebook users using Android devices are warned after Cyfirma cybersecurity researchers found a malicious app that could compromise their text messages and other sensitive data.
The threat comes from a malware variant known as Bahamut, which has been infiltrating the Google Play Store, one of the largest marketplaces for mobile apps in the world. It is particularly dangerous, as it has more extensive permissions and poses a greater risk to users' privacy.
Camouflaged under the name "SafeChat", the hacker group used social engineering tactics, such as persuading users to move their conversations to a platform they claim is "more secure", to get this malicious app to be downloaded.
Once installed on an Android device, the app gave an attacker the ability to extract sensitive information without the knowledge of the owner of the affected mobile device.
Data that can be stolen includes text messages, call logs, and GPS locations; which represents a serious risk to the privacy and security of users.
Behind this malicious campaign is the Bahamut hacking group, whose activities have spanned since 2017 and is known for attacking platforms in multiple regions, including iOS, Android, and Windows.
Their focus is not limited to malware distribution only, as they have also used fake VPN apps for Android devices in the past, aiming to extract sensitive data and spy on messaging apps used by victims.
ESET researchers reportedly found at least eight versions of the Bahamut spyware, which they said could mean the campaign is well-maintained. Although the experts managed to identify and remove the malicious app from the Google Play Store, those who have already downloaded it will need to remove it from their device to avoid taking any risks.
Cybersecurity specialists warn that users should be cautious when downloading apps, as well as keep their security software on their mobile devices up to date. In addition, users are advised to be aware of any unusual behavior on their devices, as well as take precautions to safeguard their personal information and private communications.
