Explorer

Hackers Stealing WhatsApp Users' Data In India Via 'SafeChat' Android App: Report

The nature of the attack, coupled with past incidents involving APT Bahamut, indicates that it may have been executed to serve the interests of a specific nation-state government.

Cybersecurity firm Cyfirma has discovered a concerning development involving hackers using a deceptive Android chatting app called 'SafeChat' to steal data from targeted individuals in the region, including India. The malicious payload is delivered through WhatsApp chat, making it a potent threat to unsuspecting users. After conducting technical analyses, Cyfirma identified the Advanced Persistent Threat (APT) group Bahamut as the perpetrator behind this attack, according to IANS. 

The nature of the attack, coupled with past incidents involving APT Bahamut, indicates that it may have been executed to serve the interests of a specific nation-state government.

Previous instances show that APT Bahamut has targeted Khalistan supporters, who advocate for a separate nation, posing a significant external threat to India. Additionally, the group has aimed at military establishments in Pakistan and individuals in Kashmir, all aligning with the interests of a specific nation-state government.

ALSO ON ABP LIVE | Hackers Threatening Reddit With 80GB Sensitive Data Leak. Demand Ransom

Spyware Variant With Expanded Threat Capabilities

The Android spyware deployed in this attack is suspected to be a variant of "Coverlm," designed to steal data from various communication apps, including Telegram, Signal, WhatsApp, Viber, and Facebook Messenger. Compared to previous versions distributed through the Google Play Store by the notorious APT group known as 'DoNot,' this new malware exhibits more permissions and presents a higher level of threat.

Deceptive App Interface

The 'SafeChat' app appears on the main menu after installation, creating a false sense of authenticity. Upon opening the app, users are notified that it is a secure chatting app, leading them to believe they are operating a legitimate platform. However, the hackers' true intentions are unveiled when the app requests permission and the data extraction process begins.

Based on their analysis of past and current targets, the Cyfirma team strongly suggests that the APT group operates within Indian territory.

Top Headlines

Wzatco Yuva Go Ultra Review: A Multiplex That Fits In Your Backpack (With Some Quirks)
Wzatco Yuva Go Ultra Review: A Multiplex That Fits In Your Backpack (With Some Quirks)
Alibaba Employees Can No Longer Use Claude Code. Here's Why
Alibaba Employees Can No Longer Use Claude Code. Here's Why
WhatsApp's New Green Dot On iPhone Tells You Exactly Who Is Online Right Now
WhatsApp's New Green Dot On iPhone Tells You Exactly Who Is Online Right Now
Amazon Prime Day 2026: 5 Deals Worth Checking Before The Sale Closes Tonight
Amazon Prime Day 2026: 5 Deals Worth Checking Before The Sale Closes Tonight

Videos

Big Update: Confusion Over Champat Rai’s Arrival as High-Stakes Session Set to Begin
Latest Update: Ram Temple Trust Meeting Delayed as Members Arrive; Champat Rai Reaches Venue, Anil Mishra Yet to Arrive
Breaking news: Champat Rai, Anil Mishra Skip Crucial Session on Their Resignations
BREAKING: Ram Temple Trust Convenes as Resignations of Two Senior Members Dominate Agenda Today
BREAKING: Ram Temple Trust Meeting Sees Key Absences as Senior Trustees Arrive Amid Questions

Photo Gallery

25°C
New Delhi
Rain: 100mm
Humidity: 97%
Wind: WNW 47km/h
See Today's Weather
powered by
Accu Weather
Embed widget