Cybersecurity researchers have discovered five trojanized versions of legitimate Android apps that covertly monitor and spy on users in Pakistan.
Designed to masquerade as apps such as Pakistani Citizens Portal, Pakistani Salat Time, Pakistan Mobile Packages, Registered SIM Checker, and TPL Insurance, the malicious variants have been found to hide their operations while covertly downloading a payload in the form of an Android Dalvik executable (DEX) file.
“The DEX payload contains most of the malicious functionality, including the ability to stealthily extract sensitive data such as a user's contact list and the entire contents of SMS messages,” said Pankaj Kohli and Andrew Brandt, Sophos threat researchers. “The app then sends this information to one of a few command-and-control websites hosted on servers located in Eastern Europe.”
NEW Android spyware targets users in Pakistan 📲
— SophosLabs (@SophosLabs) January 12, 2021
The apps seem focused on stealing sensitive data from the phones of Pakistani residents...
A fake version of the Pakistani Citizens Portal has also been widely displayed as an image on the Pakistan Trade Corporation (TCP) website, possibly in an attempt to trick unsuspecting users into downloading a malicious application that also transmits sensitive information, such as users' computerized national identity card numbers, passport details, and the usernames and passwords for Facebook and other accounts.
Sophos researchers also found an app called Pakistani Chat, which had no benign equivalent distributed through the Google Play Store. The app was found to use the legitimate API of the ChatGum chat service. Once installed, the app requests permissions that allow it to collect personal data on the victim's device, including detailed phone profile information, location information, contact lists, SMS content, call logs, and a complete directory listing of the device's internal and SD card storage.
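For defenders reviewing an app before it is allowed on managed devices, the permission combination described above can be checked from the app's manifest. The following Python check is an added illustration, not code from Sophos or from the original article; it assumes the manifest has already been decoded to text XML, and the category-to-permission mapping, the threshold, the function names and the sample manifests are this example's own assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Data categories named in the article mapped to the Android permissions that
# gate them. The mapping is this example's assumption, not taken from the report.
CATEGORY_PERMS = {
    "phone profile": {"android.permission.READ_PHONE_STATE"},
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "call logs": {"android.permission.READ_CALL_LOG"},
    "storage": {"android.permission.READ_EXTERNAL_STORAGE",
                "android.permission.MANAGE_EXTERNAL_STORAGE"},
}

def requested_permissions(manifest_xml):
    """Return the permission names a decoded AndroidManifest.xml requests."""
    # For manifests taken from untrusted APKs, a hardened parser such as
    # defusedxml is the safer choice than the standard-library one used here.
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def triage(manifest_xml, threshold=4):
    """Flag a manifest that covers `threshold` or more sensitive categories."""
    perms = requested_permissions(manifest_xml)
    hits = sorted(c for c, gate in CATEGORY_PERMS.items() if gate & perms)
    return {"categories": hits, "flag": len(hits) >= threshold}

def sample_manifest(short_names):
    """Build a constructed manifest requesting the given permissions."""
    uses = "".join('<uses-permission android:name="android.permission.%s"/>' % p
                   for p in short_names)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="com.example.sample">%s</manifest>' % uses)

# Constructed samples: a chat app asking for everything, and a modest app.
BROAD = sample_manifest(["INTERNET", "READ_PHONE_STATE", "ACCESS_FINE_LOCATION",
                         "READ_CONTACTS", "READ_SMS", "READ_CALL_LOG",
                         "READ_EXTERNAL_STORAGE"])
MODEST = sample_manifest(["INTERNET", "ACCESS_COARSE_LOCATION"])

if __name__ == "__main__":
    print(triage(BROAD), triage(MODEST))
```

A flag from this check is a prompt for manual review, since legitimate messaging apps can also request several of these permissions.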
