Safe Chat or Safe Hack? New Android Malware Raises Concerns

Reading Time: ( Word Count: )

August 1, 2023

Security experts are sounding the alarm on a fresh case of Android malware hidden within a dubious application, primarily spreading throughout South Asian regions.

As per the cybersecurity firm Cyfirma, a so-called “mock chatting app” known as Safe Chat on the devices it infiltrates appears to require an unusually high level of permissions, especially compared to other similar malware instances it has been contrasted with.

Following a detailed examination of the malware, Cyfirma has expressed concerns that this latest onslaught could be another operation conducted by the Indian APT hacking group known as Bahamut. Once the Safe Chat app is disseminated via WhatsApp and installed, it triggers a sequence of pop-up prompts, one of which asks the user to permit background activity and disregard battery optimizations, consequently providing the hacker with ongoing access to the compromised device.

Also Read: Android Malware Discovered on Google Play Store

New Android Malware Raises Concerns

A subsequent prompt requests access to the device’s accessibility functions and, by extension, data such as keystrokes. The intruder could gain additional details, including the victim’s location, contact list, file storage, SMS messages, and call records.

This malicious software is believed to be a variant of the previously identified Coverlm, which targeted information from applications such as WhatsApp, Signal, and Telegram. The research team also identified parallels in the strategies implemented in this campaign and another led by APT DoNot, both of which prioritized the same geographic region and shared a focus on espionage.

In light of its findings, Cyfirma states that the analysis “strongly suggests that the APT group orchestrating the attack has connections to Indian territory and operates in favor of a specific nation-state government.”

When TechRadar Pro sought further details about the previous DoNot attack from Google, a company representative confirmed that the harmful apps were taken down from the Play Store. They also mentioned that “Google Play Protect safeguards users from apps identified to carry this malware on Android devices equipped with Google Play Services, even when those apps are sourced elsewhere.”

Currently, the company still needs to respond to our query specifically related to this instance.

Noor Khan

Noor Khan


My name is Noor, and I am a seasoned entrepreneur focused on the area of artificial intelligence. As a robotics and cyber security researcher, I love to share my knowledge with the community around me.

Other interesting articles

Automated vs Manual Penetration Testing

Automated vs Manual Penetration Testing

Pentesting is largely divided into two methodologies: Automated vs Manual Penetration Testing. Both have ...
8 Steps in Penetration Testing You Should Know

8 Steps in Penetration Testing You Should Know

Mastering the art of penetration testing has become a critical ability for security experts to combat cyber ...
Spear Phishing vs Whaling: What is the Difference

Spear Phishing vs Whaling: What is the Difference

Spear phishing is a particularly devious type of phishing assault in which the individual targeted plays a ...
How Often Should Penetration Testing Be Done

How Often Should Penetration Testing Be Done

Penetration testing is a crucial technique that involves simulating a cyberattack on networks, computer systems, ...

Submit a Comment

Your email address will not be published. Required fields are marked *