Spyware malware can receive text messages, call logs, GPS location data from platforms such as WhatsApp, Telegram, Viber, Signal, and Facebook* (owned by Meta, which is recognized as extremist and banned in Russia), writes Bleeping Computer.
According to CYFIRMA, the attacks are being carried out by the APT Bahamut cybercrime group from India. It should be noted that their latest attacks were carried out on WhatsApp using phishing messages.
The experts pointed out that, as a rule, attackers persuade their victims to install SafeChat, explaining this by transferring the conversation to a more secure platform. At the same time, the application itself does not arouse any suspicion: it has a typical messaging interface and registration process. It also asks users for permission to access various data, making it possible for hackers to steal personal information.
It was previously reported that criminals started infecting users via Minecraft game services.
