What you need to know about VajraSpy RAT, the cyber espionage tool that infiltrated Google Play

You might think that downloading an app from the app store is safe and easy, right? Well, not always. Sometimes, you might actually end up with a nasty surprise: an app that is actually spyware, hiding behind a fake name and icon. That’s what the VajraSpy RAT does. It’s a Trojan that targets Android devices and steals your data without you knowing. This is a real threat that has affected many Android users.

Although VajraSpy has been removed from the Google Play Store, it’s still lurking out there on third-party app stores. Also, VajraSpy and the Patchwork APT group behind it are still active. They may attempt to infiltrate other platforms or modify their tactics to evade Google’s detection in the future.

To protect yourself, here’s what you need to know about VajraSpy RAT, the cyber espionage tool that’s infiltrated Google Play on Android.

 

What is cyber espionage tool VajraSpy RAT?

VajraSpy is a Remote Access Trojan (RAT), which is a type of malware that’s designed to allow an attacker to control an infected device remotely. To get the RAT on your devices, scammers need you to download it to your system. Once the RAT is running on a compromised system — in this case, your Android — the attacker can send commands to it and receive data back in response.

 

MORE: HOW TO CHANGE YOUR PRIVACY SETTINGS ON YOUR ANDROID DEVICES

 

What are some of cyber espionage tool VarjaSpy’s capabilities?

Some of VarjaSpy’s capabilities are accessing and taking your contacts, photos, and messages. This even includes encrypted messages like those on WhatsApp. Also, searching and exfiltrating documents, images, audio, and other types of files.

In addition, it can listen in on and record your phone calls (if granted the appropriate permissions) and activate your device’s camera to take pictures, turning it into a surveillance tool.

 

MORE: BEWARE OF NEW ANDROID MALWARE HIDING IN POPULAR APPS

 

How does cyber espionage tool VarjaSpy RAT get onto your Android device?

VarjaSpy gets onto an unsuspecting victim’s device via a malicious app. When the RAT was first discovered, it was on apps that were found on Google Play sometime between April 1, 2021, through September 10, 2023.

ESET researchers uncovered the campaign report in 2022 when Patchwork APT — a hacking group primarily targeting people in Pakistan that’s been around since 2015 — exposed their campaign after unintentionally infecting their own infrastructure with another RAT they were experimenting with.

When this was leaked, and VarjaSpy was discovered, the infected apps on Google Play were taken down. But, they can still be found in third-party apps, and some are still getting through to Google Play, anyway.

 

What are the third-party apps?

VarjaSpy has been disguising itself primarily in news and messaging apps on Android. Some of the apps that researchers know about include:

  • Rafaqat رفاقت
  • Privee Talk
  • Chit Chat
  • Hello Chat
  • YohooTalk
  • MeetMe
  • Let’s Chat
  • Quick Chat
  • TikTalk
  • Nidus
  • GlowChat
  • Wave Chat

Google Play Protect protects users by automatically removing apps known to contain this malware on Android devices with Google Play Services. However, it is important to note that Google Play Protect may not be enough. Historically, it isn’t 100% foolproof at removing all known malware from Android devices. If, for some reason, you still see these apps on your phone, be sure to manually uninstall them.

 

How to uninstall apps on Android

Settings may vary depending on your Android phone’s manufacturer

  • Open the Settings app
  • Scroll down and select Apps
  • Tap on the app you want to delete and select Uninstall
  • Confirm your choice by tapping OK or Uninstall again

 

Have good antivirus software on all your devices

Special for CyberGuy Readers: 

Best Antivirus Protection 2024

 

 

How to keep yourself safe from cyber espionage tool VarjaSpy RAT and other Trojans

Remember, the bad guys behind VarjaSpy and similar malware perpetrators are pretty quick. They keep infecting new apps with this trojan, so always keep an eye out by using the following tips:

Tip #1 – To avoid getting your Android infiltrated by VarjaSpy RAT, don’t download any apps that are recommended by someone you don’t know or don’t know well. And, if the message does come from someone you know, always be a little skeptical, especially if you have never heard of the app.

Tip #2 – Make sure to only download apps from reputable app stores you’re familiar with, too. Keep in mind, though, that these bad actors are able to get new apps slipped through the cracks of Google Play time and time again. Therefore, it’s important to employ a mix of different strategies to keep yourself safe.

Tip #3 – One way to know whether or not an app is safe is by looking at how many downloads it has. If it has a small number of downloads, chances are it could be a scam. Also, look at how many reviews it has and what those reviews are, and do a quick check to see if someone mentioned it as a scam or not. A good rule of thumb is if you don’t need it and you’re not sure, don’t download it.

The good news is that compared to other spyware apps, VarjaSpy hasn’t been that successful. We know this by looking at the amount of downloads/installations of the apps it disguises itself as. That being said, those third-party app stores where you can still find a lot of these malicious apps don’t track downloads well, so it’s hard to know how many victims fell for VarjaSpy there.

 

MORE: BEWARE OF THIS MCAFEE GOOGLE CHROME AD SCAM

 

Kurt’s key takeaways

Have you ever received a strange message that asked you to download an app? What happened? Let us know in the comments below.

FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

 

 

Copyright 2024 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.

Related posts

Is your Social Security number at risk? Signs someone might be stealing it

Updated Android malware can hijack calls you make to your bank

Robot dog is making waves with its underwater skills