Hackers Stealing WhatsApp Users' Data In India Via 'SafeChat' Android App: Report

Cybersecurity firm Cyfirma has discovered a concerning development involving hackers using a deceptive Android chatting app called 'SafeChat' to steal data from targeted individuals in the region, including India. The malicious payload is delivered through WhatsApp chat, making it a potent threat to unsuspecting users. After conducting technical analyses, Cyfirma identified the Advanced Persistent Threat (APT) group Bahamut as the perpetrator behind this attack, according to IANS. 

The nature of the attack, coupled with past incidents involving APT Bahamut, indicates that it may have been executed to serve the interests of a specific nation-state government.

Previous instances show that APT Bahamut has targeted Khalistan supporters, who advocate for a separate nation, posing a significant external threat to India. Additionally, the group has aimed at military establishments in Pakistan and individuals in Kashmir, all aligning with the interests of a specific nation-state government.

ALSO ON ABP LIVE | Hackers Threatening Reddit With 80GB Sensitive Data Leak. Demand Ransom

Spyware Variant With Expanded Threat Capabilities

The Android spyware deployed in this attack is suspected to be a variant of "Coverlm," designed to steal data from various communication apps, including Telegram, Signal, WhatsApp, Viber, and Facebook Messenger. Compared to previous versions distributed through the Google Play Store by the notorious APT group known as 'DoNot,' this new malware exhibits more permissions and presents a higher level of threat.

Deceptive App Interface

The 'SafeChat' app appears on the main menu after installation, creating a false sense of authenticity. Upon opening the app, users are notified that it is a secure chatting app, leading them to believe they are operating a legitimate platform. However, the hackers' true intentions are unveiled when the app requests permission and the data extraction process begins.

Based on their analysis of past and current targets, the Cyfirma team strongly suggests that the APT group operates within Indian territory.