Safe Chat or Safe Hack? New Android Malware Raises Concerns

Reading Time: ( Word Count: )

August 1, 2023

Security experts are sounding the alarm on a fresh case of Android malware hidden within a dubious application, primarily spreading throughout South Asian regions.

As per the cybersecurity firm Cyfirma, a so-called “mock chatting app” known as Safe Chat on the devices it infiltrates appears to require an unusually high level of permissions, especially compared to other similar malware instances it has been contrasted with.

Following a detailed examination of the malware, Cyfirma has expressed concerns that this latest onslaught could be another operation conducted by the Indian APT hacking group known as Bahamut. Once the Safe Chat app is disseminated via WhatsApp and installed, it triggers a sequence of pop-up prompts, one of which asks the user to permit background activity and disregard battery optimizations, consequently providing the hacker with ongoing access to the compromised device.

Also Read: Android Malware Discovered on Google Play Store

New Android Malware Raises Concerns

A subsequent prompt requests access to the device’s accessibility functions and, by extension, data such as keystrokes. The intruder could gain additional details, including the victim’s location, contact list, file storage, SMS messages, and call records.

This malicious software is believed to be a variant of the previously identified Coverlm, which targeted information from applications such as WhatsApp, Signal, and Telegram. The research team also identified parallels in the strategies implemented in this campaign and another led by APT DoNot, both of which prioritized the same geographic region and shared a focus on espionage.

In light of its findings, Cyfirma states that the analysis “strongly suggests that the APT group orchestrating the attack has connections to Indian territory and operates in favor of a specific nation-state government.”

When TechRadar Pro sought further details about the previous DoNot attack from Google, a company representative confirmed that the harmful apps were taken down from the Play Store. They also mentioned that “Google Play Protect safeguards users from apps identified to carry this malware on Android devices equipped with Google Play Services, even when those apps are sourced elsewhere.”

Currently, the company still needs to respond to our query specifically related to this instance.




Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.

Other interesting articles

Wi-Fi Security Key vs. Password: Unraveling the Difference

Wi-Fi Security Key vs. Password: Unraveling the Difference

In the digital age, where connectivity is king, securing our Wi-Fi networks is paramount. When it comes to ...
Instagram Security Code Not Working

Instagram Security Code Not Working

In the realm of social media, Instagram stands as one of the most popular platforms for sharing moments, ...
T-Mobile App Glitch Exposes User Data: Data Privacy Concerns Arise

T-Mobile App Glitch Exposes User Data: Data Privacy Concerns Arise

Today, T-Mobile users reported an alarming issue where they were able to view the account and billing details of ...
Best Anonymous Crypto Wallet

Best Anonymous Crypto Wallet

Many Bitcoin users value their anonymity. You must ensure that your personal information and digital assets are ...

Submit a Comment

Your email address will not be published. Required fields are marked *