Security News > 2023 > July > Hackers steal Signal, WhatsApp user data with fake Android chat app
Hackers are using a fake Android app named 'SafeChat' to infect devices with spyware malware that steals call logs, texts, and GPS locations from phones.
The Android spyware is suspected to be a variant of "Coverlm," which steals data from communication apps such as Telegram, Signal, WhatsApp, Viber, and Facebook Messenger.
Late last year, ESET reported that the Bahamut group was using fake VPN apps for the Android platform that included extensive spyware functions.
The analysts report that Safe Chat features a deceiving interface that makes it appear as a real chat app and also takes the victim through a seemingly legitimate user registration process that adds credibility and serves as an excellent cover for the spyware.
The app also requests the user to approve exclusion from Android's battery optimization subsystem, which terminates background processes when the user isn't actively engaging with the app.
"Another snippet from the Android Manifest file shows that the threat actor designed the app to interact with other already installed chat applications," explains CYFIRMA. "The interaction will take place using intents, OPEN DOCUMENT TREE permission will select specific directories and access apps mentioned in intent."