Skip to main content

If you have one of these apps on your Android phone, delete it immediately

The app drawer on the Google Pixel 8 Pro.
Joe Maring / Digital Trends

The NSO Group raised security alarms this week, and once again, it’s the devastatingly powerful Pegasus malware that was deployed in Jordan to spy on journalists and activists. While that’s a high-profile case that entailed Apple filing a lawsuit against NSO Group, there’s a whole world of seemingly innocuous Android apps that are harvesting sensitive data from an average person’s phone.

The security experts at ESET have spotted at least 12 Android apps, most of which are disguised as chat apps, that actually plant a Trojan on the phone and then steal details such as call logs and messages, remotely gain control of the camera, and even extract chat details from end-to-end encrypted platforms such as WhatsApp.

The apps in question are YohooTalk, TikTalk, Privee Talk, MeetMe, Nidus, GlowChat, Let’s Chat, Quick Chat, Rafaqat, Chit Chat, Hello Chat, and Wave Chat. Needless to say, if you have any of these apps installed on your devices, delete them immediately.

Notably, six of these apps were available on the Google Play Store, raising the risk stakes as users flock here, putting their faith in the security protocols put in place by Google. A remote access trojan (RAT) named Vajra Spy is at the center of these app’s espionage activities.

A chat app doing serious damage

A phone spying on a person.
Dall.E-3 / Digital Trends

“It steals contacts, files, call logs, and SMS messages, but some of its implementations can even extract WhatsApp and Signal messages, record phone calls, and take pictures with the camera,” says the ESET finding report.

Notably, this won’t be the first time that Vajra Spy has raised alarm. In 2022, Broadcom also listed it as a Remote Access Trojan (RAT) variant that leverages Google Cloud Storage to gather data pilfered from Android users. This malware has been linked to the threat group APT-Q-43, which is known to target members of the Pakistani military establishment specifically.

VajraSpy’s apparent objective is to harvest information from the infected device and capture the user’s data, such as text messages, WhatsApp and Signal conversations, and call histories, among other things. These apps, most of which disguised themselves as chat apps, employed romance-aligned social engineering attacks to lure the targets.

This is a recurring theme, especially given the target of the apps. In  2023, Scroll reported on how spies from across the border are using honey traps to lure Indian scientists and military personnel to extract sensitive information using a mix of romance and blackmailing efforts. Even the FBI has issued an alert about digital romance scams, while a White House staffer lost over half a million dollars in one such trap.

Security warning illustration on a phone.
Dall.E-3 / Digital Trends

In the most recent case of VajraSpy deployment, the apps were able to extract contact details, messages, a list of installed apps, call logs, and local files in different formats such as .pdf, .doc, .jpeg, .mp3, and more. Those with advanced functionalities mandated using a phone number, but in doing so, they could also intercept messages on secure platforms such as WhatsApp and Signal.

Aside from logging the text exchange in real-time, these apps could intercept notifications, record phone calls, log keystrokes, take pictures with the camera without the victim knowing about it, and take over the mic to record audio. Once again, the latter is not surprising.

We recently reported on how bad actors are abusing push notifications on phones and selling the data to government agencies, while security experts told Digital Trends that the only fool-proof way to stop this is to disable notification access for apps.

Editors' Recommendations

Nadeem Sarwar
Nadeem is a tech journalist who started reading about cool smartphone tech out of curiosity and soon started writing…
Stop putting your wet iPhone in rice — seriously
iPhone 15 Pro in hand with iPhone 14 Pro Max and iPhone 14 in background.

The world of consumer electronics has its own share of urban myths. Some of them are actually so mainstream that no one even dares question their efficacy. Burying a wet phone in rice is one of them.

Research has repeatedly proved that it’s a futile trick, but for folks that need to hear it from the source itself, well, Apple has also made it clear that the rice-drying trick doesn’t work. Whether you have an iPhone 15 Pro or a model that's a few years old, it's time to stop this useless practice.

Read more
How to reset default apps on an Android phone or tablet
Someone holding a Google Pixel 5. The screen is on and shows the Home Screen with an app folder open.

One of the best things about owning an Android phone is being able to change your default apps. If you've ever opened a file or an internet link with a certain app, and you chose Always when prompted, then that type of file will be opened with that app every time, saving you from tapping that app every time, and reclaiming some precious time. But what happens if you're the indecisive type or if you suddenly find a better app you'd like to use as your default? It's easy enough to go change.
Stock Android
“Stock Android” refers to any basic Android device that is similar to Google’s version. If you’re the owner of a phone running Stock Android — like the Google Pixel 5, the Xiaomi Mi A3, or the Motorola One Vision, here’s how to reset your app preferences.

Resetting preferences for a single app

Read more
Android 15 release date: When will my phone get the update?
The Android 15 logo on a smartphone.

Google has announced Android 15, the next major evolution for its mobile operating system. As usual, the development and release cycle will follow a three-phase strategy. February 16, 2024, marks the start of the first phase, which squarely targets developers and phone makers, providing them a look at the changes so that they can get familiar with the new software.

The first build of Android 15 is marked as Developer Preview 1, and it is going to be followed by a Beta release. This is the release that can be downloaded over the air without any special tactics. Once the beta testing phase is done, the final stable version is released. This usually happens toward the end of the year.
All the phones that can download Android 15

Read more