Fake Android Secure Messaging App ‘Welcome Chat’ Spies On Users

Heads up Android users! A fake secure messaging app is around luring Android users. “Welcome Chat”,  spies on users and isn’t secure at all.

Welcome Chat App Targeting Android

Researchers from ESET Security have found a malicious Android app actively targeting users. Named as Welcome Chat, the app poses as a secure messaging app to lure Android users, ultimately stealing their data.

Sharing the details in a blog post, the researchers described that they caught the app as part of a cyberespionage campaign.

In brief, analyzing the app revealed the presence of spying codes. Hence, they could deduce that the app stealthily spies on users while delivering the expected functionalities on the front.

Welcome Chat app primarily attracts users via a dedicated website built in the Arabic language. The site claims the app to be available on Google Play Store; however, it isn’t.

Moreover, the site also claims the app as a secure chat platform. Nonetheless, the researchers could find no security measures associated with the app.

In fact, whatever data it steals from the users, it leaves it all publicly available on the internet. It uploads all the data to the server via insecure HTTP, exposing the data to anyone.

Regarding its functionalities, the researchers described,

On top of its core espionage functionality – monitoring the chat communications of its users – the Welcome Chat app can perform the following malicious actions: exfiltrating sent and received SMS messages, call log history, contact list, user photos, recorded phone calls, the GPS location of the device, and device info.

App Intentionally Designed As Spyware

At first, the researchers suspected the app to be a Trojanized version. However, investigating the matter further revealed that the developed intentionally designed this chat app as spyware. Explaining this behavior, the researchers stated,

With this approach, the attackers have better control over the compatibility of the app’s malicious functionality with its legitimate functions, so they can ensure that the chat app will work.

Besides, the researchers suspect a possible link of this app with the Gaza Hackers group aka Molerats. It’s because this group ran a similar campaign targeting the Middle East back in 2017. At that time, they used the malware ‘BadPatch’.

For security, the researchers advise all users not to download any app from third-party sites except trusted developers. Moreover, users should remain careful about the permissions an app asks on their device. They should get rid of any app that behaves suspiciously.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients