According to Mashable, ESET cybersecurity researchers have identified six malicious Android apps that reportedly spy on users and record their conversations. These apps can extract WhatsApp and Signal messages and run VajraSpy remote access trojan code after installation. One app called WaveChat could even record background audio when users weren’t actively using their phone’s microphone. The apps were primarily targeted at users in India and Pakistan and were downloaded approximately 1,400 times. Researchers believe the threat actors used honey-trap romance scams to lure victims into installing the malware. The malicious apps included Privee Talk, MeetMe, Let’s Chat, Quick Chat, Rafaqat رفاق, and Chit Chat, though the popular MeetMe app with over 100 million downloads isn’t related to these spyware versions.
Sponsored content — provided for informational and promotional purposes.
Why This Matters
Here’s the thing – we’ve all joked about our phones listening to us, but this is that fear made real. These apps weren’t just collecting basic data; they were actively recording conversations and pulling messages from encrypted platforms like WhatsApp and Signal. That’s next-level invasive. And while the download numbers seem relatively small at 1,400, how many people need to be spied on before it becomes a serious problem? The fact that these made it onto the Google Play Store at all should concern everyone who downloads apps thinking they’re safe.
The Humans Behind The Hacks
What’s particularly clever about this operation is how the attackers preyed on human emotions. ESET researchers concluded that Patchwork APT used romance scams to trick people into installing the malware. Basically, they created fake relationships to build trust. Even more interesting – one app was uploaded by someone using the name Mohammad Rizwan, which happens to be a famous Pakistani cricket player. That’s not a coincidence. They’re leveraging real cultural touchpoints to make their traps more convincing. It’s social engineering at its most effective.
The Bigger Picture
This isn’t an isolated incident. Back in October, ESET found two spyware apps disguised as Signal targeting UAE users. And we’ve seen imposter Sora apps recently too. The pattern is clear – malicious actors are getting better at mimicking legitimate apps and slipping past store defenses. So what can you do? Be incredibly careful about what permissions you grant apps. Does that new chat app really need microphone access? Probably not. And only download from developers you know and trust. The days of blindly trusting app stores are over.
What’s Next
Google will likely remove these specific apps, but the underlying problem remains. As ESET’s ongoing research shows, sophisticated threat groups like Patchwork APT are constantly evolving their tactics. They’re targeting specific regions with culturally relevant lures, and they’re getting their malware into official app stores. The silver lining? This particular campaign had limited reach and wasn’t targeting US users. But the techniques could easily be adapted for broader attacks. The takeaway? Assume every app could be suspicious until proven otherwise. Your privacy depends on it.
