Hackers are infecting devices with spyware malware that harvests call logs, texts, and GPS positions from phones by utilizing the phony Android app ‘SafeChat’.
The Android spyware is thought to be a variation of “Coverlm,” which steals data from messaging apps like Facebook Messenger, Telegram, Signal, WhatsApp, and Viber.
According to CYFIRMA experts, the campaign is being run by the Indian APT hacking outfit “Bahamut,” whose most recent attacks have been primarily spear phishing messages on WhatsApp that transfer the harmful payloads directly to the victim.
ESET revealed before the end of last year that the Bahamut group was employing phony Android VPN apps with substantial spyware features.