Hackers are using a fraudulent Android application called "SafeChat" to infect devices with spyware, stealing data stored in popular messengers.
According to Bleeping Computer, the malicious software targets messaging apps like Telegram, Signal, WhatsApp, Viber, and Facebook Messenger.
According to researchers from CYFIRMA, the Indian hacking group APT Bahamut is behind these attacks. Their latest tactics involve phishing messages distributed through WhatsApp.
The hackers often convince victims to install SafeChat, claiming it to be a safer platform for communication. The app's interface closely resembles that of a genuine messenger, and it even prompts users to go through a registration process, adding to its credibility.
During the profile setup, the fake messenger requests permissions for various data and functions, providing hackers with access to critical information.
CYFIRMA alleges that the hackers have connections with authorities from one of the Indian states. WhatsApp users are urged to remain cautious and only download applications from official and trusted sources to avoid falling victim to such schemes.