WhatsApp, Telegram, Signal, and Facebook Messenger users have been put on high alert as the latest threat to their chat data has emerged in the form of “Safe Chat” — a fake instant messaging app.
The impostor app is convincingly designed but has no intention of allowing peer-to-peer communication — instead, the app’s primary goal is to spread the “CoverIm” malware, previously weaponized across the murky gizzards of the Google Play Store by APT (Advanced Persistent Threat) group ‘DoNot’.
Safe Chat: It’s anything but
According to CYFIRMA, the analysts who exposed the Android security threat, the spread of the fake messaging app is done primarily through social engineering across instant messaging services like WhatsApp. Here, a victim will be tricked into believing they are downloading a more secure platform with which to talk over — unsuspectingly opening themselves up to further exploitation.
Safe Chat’s convincing user interface tricks victims into accepting a series of permissions under the guide of setting up a secure and safe chat environment. However, in actuality, the imposter app uses these permissions to begin the act of data extraction before the victim is even aware something is wrong.
The malware housed within the Safe Chat app will then begin to capture screen activity including keystrokes — and thanks to previously accepted permissions to ignore battery optimization and background usage it will continue to do so even while minimized or closed.
CoverIm Malware — How bad is it?
This particular instance of the CoverIm malware is particularly nefarious, especially when paired with its expanded privileges through the accepted Safe Chat permissions. As well as acting as a keylogger for keystrokes the malware is also capable of accessing precise locations through GPS, accessing your contacts list, SMS messages, call logs, and even external storage on your device.
The malware will also begin monitoring other messenger apps like WhatsApp, Signal, Telegram, and even Facebook Messenger for further data — all of which can then be transmitted to a C&C (Command and Control) server where attackers can then obtain all gathered information.
Outlook
Due to Safe Chat’s social engineering delivery method, there’s no clear indication of how many users may be affected by the malware, though it is believed that the majority of those infected reside in South Asia.
That being said, successful campaigns like this will often breed copycat attempts, so ensure you start alert across instant messaging apps and only install apps from trusted sources and storefronts.
If you have the Safe Chat app on your device delete it immediately before clearing your cache and running a full scan with an antivirus app of your choice.
For news, rumors, and updates on all things security and tech, follow Laptop Mag on Twitter, Facebook, and Flipboard for the latest word as it arrives.
