6 Android apps reportedly recording users' conversations

We've all had that eerie feeling that our phone is listening to every word we say. And for some users, it really could be.

ESET cybersecurity researchers claim to have identified six malicious Android apps that reportedly spy on users, extract WhatsApp and Signal messages, and record their conversations. One of them, an app called WaveChat, could even record background audio when users weren't using their phone's microphone, according to ESET. After users download one of the malicious apps, the researchers say the apps run a remote access trojan (RAT) code known as VajraSpy.

The good news is that these VajraSpy spyware apps were not designed to target users in the United States, and the Android apps were only downloaded around 1,400 times. ESET researchers say the apps were primarily targeted at users in India and Pakistan. They concluded that "the threat actors behind the trojanized apps probably used a honey-trap romance scam to lure their victims into installing the malware."

The ESET research is outlined in a new post on WeLiveSecurity, an online publication and ESET partner. The researchers say they identified 12 spyware apps in total, including six Android apps available on the Google Play Store. The other six apps were available on VirusTotal, a well-known cybersecurity tool.

The malicious Android apps were called:

• Privee Talk

• MeetMe*

• Let’s Chat

• Quick Chat

• Rafaqat رفاق

• Chit Chat

*The researchers also noted that other apps by the same name may be available on the app store in your area. Specifically, the popular MeetMe app, which has been downloaded more than 100 million times, is not related to these spyware apps.

Remember: Just because an app is available on the Google Play or Apple App Store does not mean it is necessarily safe. Only download trusted apps from reputable companies, and be careful about what permissions you grant them. Malicious apps often mimic popular ones, as seen recently with imposter Sora apps.

In October, ESET researchers discovered two spyware apps disguised as the Android Signal app, targeting users in the United Arab Emirates.

Interestingly, one of the malicious VajraSpy apps may have preyed on fans of a popular Pakistani cricket player. One of the apps was uploaded by a user called Mohammad Rizwan, which is also the name of a popular professional cricket player (Rizwan is not associated with this scam).

ESET researchers concluded that the spyware apps were the work of Patchwork APT, a known threat in the cybersecurity world.