New research revealed that suspected Indian state-sponsored hackers have been using scams to lure victims in Pakistan into installing malicious Android apps designed to infect devices with spyware. The group, dubbed Patchwork, developed at least 12 malicious Android apps and distributed them through Google Play and other platforms. These apps include MeetMe, Let’s Chat, Quick Chat, and Rafaqat. A report from the Slovakia-based cybersecurity company ESET revealed that the apps were downloaded more than 1,400 times before Google flagged them as malicious and removed them. A few of the victims were reportedly located in Malaysia and India, although those users may have downloaded the apps accidentally; the Patchwork campaign was intended to target users in Pakistan.

Patchwork Targets Pakistanis With Malicious Android Apps

Patchwork has been active since December 2015 and has a history of targeting Pakistan with phishing attacks. ESET researchers also found other indicators showing that the group’s latest campaign was directed against Pakistan. According to ESET, the malware used in the latest campaign is VajraSpy, a customizable spyware, usually hidden inside a messaging application, that is used to exfiltrate user data.

In the latest attacks, the hackers used romance scams: they first approached their victims romantically or sexually through legitimate apps, then persuaded them to switch to the malicious ones. All but one of the apps identified by ESET were messengers; the exception was a news app. The apps asked users to create an account and enter a phone number for SMS code verification. Through VajraSpy, the hackers exfiltrated victims’ contacts, SMS messages, call logs, device location, the list of installed apps, and files with specific extensions.

One of the apps, Wave Chat, had even more malicious capabilities. It can record phone calls, including those made through WhatsApp, Signal, and Telegram, log keystrokes, take pictures with the camera, record surrounding audio, and scan for Wi-Fi networks. This is quite alarming. ESET hasn’t pinpointed whom the hackers targeted in Pakistan. However, Patchwork has a history of attacking high-profile victims, including universities and research organizations in China, Pakistani government entities, and individuals whose research focuses on molecular medicine and biological science.