You might think that downloading an app from the app store is safe and easy, right? Well, not always. Sometimes, you might actually end up with a nasty surprise: an app that is actually spyware hiding behind a fake name and icon.
That’s what the VajraSpy RAT does. It’s a Trojan that targets Android devices and steals your data without you knowing. This is a real threat that has affected many Android users.
Although VajraSpy has been removed from the Google Play Store, it’s still lurking out there on third-party app stores. Also, VajraSpy and the Patchwork APT group behind it are still active. They may attempt to infiltrate other platforms or modify their tactics to evade Google’s detection in the future.
To protect yourself, here’s what you need to know about VajraSpy RAT, the cyber espionage tool that’s infiltrated Google Play on Android.
CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER
Illustration of a hacker (Kurt “CyberGuy” Knutsson)
What is cyber espionage tool VajraSpy RAT?
VajraSpy is a remote access Trojan (RAT), which is a type of malware that’s designed to allow an attacker to control an infected device remotely. To get the RAT on your devices, scammers need you to download it to your system. Once the RAT is running on a compromised system — in this case, your Android — the attacker can send commands to it and receive data back in response.
MORE: HOW TO CHANGE YOUR PRIVACY SETTINGS ON YOUR ANDROID DEVICES
What are some of cyber espionage tool VajraSpy’s capabilities?
Some of VajraSpy’s capabilities are accessing and taking your contacts, photos and messages. This even includes encrypted messages like those on WhatsApp. Also, searching and exfiltrating documents, images, audio and other types of files.
In addition, it can listen in on and record your phone calls (if granted the appropriate permissions) and activate your device’s camera to take pictures, turning it into a surveillance tool.
A person on social media on their Android (Kurt “CyberGuy” Knutsson)
MORE: BEWARE OF NEW ANDROID MALWARE HIDING IN POPULAR APPS
How does cyber espionage tool VajraSpy RAT get onto your Android device?
VajraSpy gets onto an unsuspecting victim’s device via a malicious app. When the RAT was first discovered, it was on apps that were found on Google Play sometime between April 1, 2021, through Sept. 10, 2023.
ESET researchers uncovered the campaign report in 2022 when Patchwork APT — a hacking group primarily targeting people in Pakistan that’s been around since 2015 — exposed their campaign after unintentionally infecting their own infrastructure with another RAT they were experimenting with.
When this was leaked and VajraSpy was discovered, the infected apps on Google Play were taken down. But they can still be found in third-party apps, with some still getting through to Google Play anyway.
What are the third-party apps?
VajraSpy has been disguising itself primarily in news and messaging apps on Android. Some of the apps that researchers know about include:
- Rafaqat رفاقت
- Privee Talk
- Chit Chat
- Hello Chat
- YohooTalk
- MeetMe
- Let’s Chat
- Quick Chat
- TikTalk
- Nidus
- GlowChat
- Wave Chat
Google Play Protect protects users by automatically removing apps known to contain this malware on Android devices with Google Play Services. However, it is important to note that Google Play Protect may not be enough. Historically, it isn’t 100% foolproof at removing all known malware from Android devices. If, for some reason, you still see these apps on your phone, be sure to manually uninstall them.
How to uninstall apps on Android
Settings may vary depending on your Android phone’s manufacturer.
- Open the Settings app
- Scroll down and select Apps
- Tap on the app you want to delete and select Uninstall
- Confirm your choice by tapping OK or Uninstall again
Have good antivirus software on all your devices
We also recommend going beyond Google Play Protect to keep yourself from having your data breached. As we all know, free is not always the way to go, especially when we are talking about antivirus protection. Keeping hackers out of your devices can be prevented if you have good antivirus software installed. Find my review of Best Antivirus Protection here.
How to keep yourself safe from cyber espionage tool VajraSpy RAT and other Trojans
Remember, the bad guys behind VajraSpy and similar malware perpetrators are pretty quick. They keep infecting new apps with this Trojan, so always keep an eye out by using the following tips:
Tip #1 – To avoid getting your Android infiltrated by VajraSpy RAT, don’t download any apps that are recommended by someone you don’t know or don’t know well. And if the message does come from someone you know, always be a little skeptical, especially if you have never heard of the app.
Tip #2 – Make sure to only download apps from reputable app stores you’re familiar with, too. Keep in mind, though, that these bad actors are able to get new apps to slip through the cracks of Google Play time and time again. Therefore, it’s important to employ a mix of different strategies to keep yourself safe.
Tip #3 – One way to know whether or not an app is safe is by looking at how many downloads it has. If it has a small number of downloads, chances are it could be a scam. Also, look at how many reviews it has and what those reviews are and do a quick check to see if someone mentioned it as a scam or not. A good rule of thumb is if you don’t need it, and you’re not sure, don’t download it.
The good news is that compared to other spyware apps, VajraSpy hasn’t been that successful. We know this by looking at the amount of downloads/installations of the apps it disguises itself as. That being said, those third-party app stores where you can still find a lot of these malicious apps don’t track downloads well, so it’s hard to know how many victims fell for VajraSpy there.
A man on his Android phone (Kurt “CyberGuy” Knutsson)
MORE: BEWARE OF THIS MCAFEE GOOGLE CHROME AD SCAM
Kurt’s key takeaways
Though there are much bigger scams to be concerned with, letting your guard down could make you more vulnerable to attacks like this cyber espionage tool called VajraSpy RAT. To protect your Android and your data, just remember to be cautious if you see an invitation to download a messaging app from someone you don’t know well. Also, invest in antivirus software to protect your Android.
Have you ever received a strange message that asked you to download an app? What happened? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Answers to the most asked CyberGuy questions:
Copyright 2024 CyberGuy.com. All rights reserved.
