Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search

 

ESET Discovers A Chat App Spying On Users And Leaking Stolen Data

July 15, 2020 – ESET researchers have discovered a new operation within a long-running cyber-espionage campaign in the Middle East, apparently with links to the threat actor group known as Gaza Hackers, or Molerats.

Instrumental in the operation is an Android app, Welcome Chat, which serves as spyware while also delivering the promised chatting functionality. The malicious website promoting and distributing the app claims to offer a secure chat platform that is available on the Google Play store. Both those claims are false; the claim of being “secure” couldn't be further from the truth, according to ESET researchers.

“In addition to Welcome Chat being an espionage tool, its operators left the data harvested from their victims freely available on the internet. And the app was never available on the official Android app store,” says Lukáš Štefanko, the ESET researcher who conducted the analysis of Welcome Chat.

The Welcome Chat app behaves like any chat app downloaded from outside Google Play: it needs the setting “Allow installing apps from unknown sources” to be activated. After installation, it requests permission to send and view SMS messages, access files, and record audio, as well as requesting access contacts and device location. Immediately after receiving the permissions, Welcome Chat starts receiving commands from its Command and Control (C&C) server, and it uploads any harvested information. Besides chat messages, the app steals information such as sent and received SMS messages, history of calls, contact list, photos, phone call recordings and GPS location of the device.

“Unfortunately for the victims, the Welcome Chat app, including its infrastructure, was not built with security in mind. Transmitted data is not encrypted, and because of that, not only is it freely accessible to the attacker, but also to anyone on the same network,” comments Štefanko.

ESET researchers tried to establish whether Welcome Chat is an attacker-trojanized version of a clean app, or a malicious app developed from scratch. We did our best to discover a clean version of this app, to make its developer aware of the vulnerability. But our best guess is that no such app exists. Naturally, we made no effort to reach out to the malicious actors behind the espionage operation,” explains Štefanko.

The Welcome Chat espionage app belongs to a known Android malware family and shares infrastructure with a previously documented espionage campaign named BadPatch, which also targeted the Middle East. BadPatch has been attributed to the Gaza Hackers, aka Molerats, threat actor group. Based on this, we believe that this campaign with the new Android trojans comes from the same threat actors.


While the Welcome Chat-based espionage operation seems to be narrowly targeted, ESET strongly discourages users from installing apps from outside the official Google Play store – unless it’s a trusted source, such as the website of an established security vendor or some reputable financial institution. On top of that, users should pay attention to what permissions their apps require and be suspicious of any apps that require permissions beyond their functionality – and, as a very basic security measure, users should run a reputable security app on their mobile devices.

© Scoop Media

 
 
 
Business Headlines | Sci-Tech Headlines

 

Statistics New Zealand: COVID-19 Sees Record 12.2 Percent Fall In New Zealand’s Economy

Gross domestic product (GDP) fell by 12.2 percent in the June 2020 quarter, the largest quarterly fall recorded since the current series began in 1987, as the COVID-19 restrictions in place through the quarter impacted economic activity, Stats NZ said ... More>>

ALSO:

Climate: Scientists Release ‘Blueprint’ To Save Critical Ecosystems And Stabilize The Earth’s Climate

A group of scientists and experts produced the first comprehensive global-scale analysis of terrestrial areas essential for biodiversity and climate resilience, totaling 50.4% of the Earth's land. The report was published in Science Advances ... More>>

ALSO:

MPI: Independent Review Launched Into Assurances For Safe Transport Of Livestock By Sea

The Ministry for Primary Industries (MPI) has launched an independent review of the assurances it receives for the safe transport of livestock by sea. MPI Director-General Ray Smith says Mike Heron QC has been appointed to lead the review, which is expected ... More>>

ALSO:


Computers: New Zealand PC Market Grows Nearly 40% Due To Work From Home Demand

COVID-19 had large impacts on demand for PCs as businesses prepared for lockdowns by purchasing notebooks to mobilise their workforce. In the second quarter of 2020, New Zealand's Traditional PC market experienced a 39.7% year-on-year (YoY) growth ... More>>

ALSO:

Mediaworks: Reaches Agreement To Sell TV Operations To Discovery, Inc.

New Zealand’s largest independent commercial broadcaster MediaWorks and the global leader of real-life entertainment Discovery Inc. (“Discovery”) are pleased to announce they have reached a binding agreement regarding the sale of MediaWorks’ ... More>>

ALSO:

Ministry of Health: Public Transport Distancing Requirements Relaxed

Physical distancing requirements on public transport have been reviewed by the Ministry of Health to determine whether they are still required at Alert Level 2 (or below). The Ministry’s assessment is that mandatory face covering and individuals tracking ... More>>

ALSO:

NZHIA: New Zealand Hemp Industry Set To Generate $2 Billion Per Annum And Create 20,000 Jobs

A new report says a fully enabled hemp industry could generate $2 billion in income for New Zealand by 2030, while also creating thousands of new jobs. Written by industry strategist Dr Nick Marsh, the report has prompted calls from the New Zealand Hemp ... More>>

ALSO:

Stats NZ: One In 14 Employed People Report High Risk Of Losing Jobs

About one in 14 workers say they expect to lose their job or business by mid-2021, Stats NZ said today. A survey of employed people in the June 2020 quarter showed 7 percent felt there was a high or almost certain chance of losing their job or business ... More>>

ASB Quarterly Economic Forecast: NZ Economy Doing Better Than Expected, But Challenges Remain

August lockdown estimated to have shaved 8% off NZ’s weekly GDP, and 0.5% off annual GDP Economy now expected to shrink 5% (year-on-year) by end of 2020 Unemployment rate now expected to peak at 7.2% The latest ASB Quarterly Economic Forecast is less ... More>>

ALSO:

SAFE: Live Export Ship Carrying 5,800 New Zealand Cows Goes Missing In East China Sea

Livestock carrier Gulf Livestock 1 sent a distress signal at 4:45am NZT yesterday in the East China Sea. The area is affected by Typhoon Maysak. At 4pm a patrol plane spotted a lifeboat - with no people in it - and a man in lifejacket nearby. The ship ... More>>

ALSO:

FMA: Kiwisaver Fees Don't Match Performance

The Financial Markets Authority (FMA) today published an independent report into the passive and active investment management styles [i] used by KiwiSaver providers. The FMA commissioned MyFiduciary to test the extent that KiwiSaver providers were ... More>>