A chat application for Android claiming to be a secure messaging platform comes with spying functionality and stores user data in an unsecured location that is publicly available.
Welcome Chat targets users from a specific region of the world and relies on open source code for recording calls, stealing text messages, and tracking.
Normal chat app permissions
The developers of Welcome Chat promoted it as a secure communication solution that is available from the Google Play store. Its intended audience are Arabic-speaking users. It’s important to note that some countries in the Middle East ban this type of apps.
Researchers at cybersecurity company ESET found that the app delivers more than the advertised chat functions and it was never part of the official Android store.
Apps outside Play Store require users to allow installation from unknown sources, which happens in the case of Welcome Chat.
If users fail to heed this red flag, the app asks for permission to send and view SMS messages, access files, record audio, and access contacts and device location. These permissions are normal for a chat app.
Open source code for spying
nce it gets the consent from the user, Welcome Chat starts sending out information about the device and contacts its command and control (C2) server every five minutes for commands.
The researchers say that monitoring the communication with other Welcome Chat users is at the core of this malicious app, which is complemented by the following malicious actions:
exfiltrate sent and received text messages
steal call history log
steal the victim’s contact list
steal user photos
exfiltrate recorded phone calls
send the GPS location of the device alon ..
Support the originator by clicking the read the rest link below.
