In a recent development, the NSO Group has once again caused concern around digital security with the deployment of the Pegasus malware in Jordan to spy on journalists and activists. This high-profile case has led to Apple filing a lawsuit against NSO Group, highlighting the extent of the threat posed by these types of activities.
Security experts at ESET have identified at least 12 Android apps, many of which are disguised as chat apps, that are actually planting a Trojan on users’ phones to harvest sensitive data. The information being stolen includes call logs, messages, remote access to the camera, and even details from end-to-end encrypted platforms like WhatsApp.
The affected apps include YohooTalk, TikTalk, Privee Talk, MeetMe, Nidus, GlowChat, Let’s Chat, Quick Chat, Rafaqat, Chit Chat, Hello Chat, and Wave Chat. Users are advised to delete these apps immediately if they are installed on their devices.
A chat app doing serious damage
According to ESET’s findings, “It steals contacts, files, call logs, and SMS messages, but some of its implementations can even extract WhatsApp and Signal messages, record phone calls, and take pictures with the camera.”
We recently reported on how bad actors are abusing push notifications on phones and selling the data to government agencies, while security experts told Digital Trends that the only fool-proof way to stop this is to disable notification access for apps.
