This 'secure' chat app spies on its users -- what you need to know

person using a messaging app on their phone
(Image credit: Shutterstock)

There's a malicious messaging app that claims to be secure, yet spies on users and makes off with their data, security researchers warn.

According to cybersecurity firm ESET, Welcome Chat is a fully-working messaging service that lets its developers spy on users' personal information and is connected to a Middle Eastern cyberespionage campaign. 

Lukas Stefanko, a malware researcher at ESET, wrote in a blog post for WeLiveSecurity.com: “Targeting Android users via the malicious Welcome Chat app, the operation appears to have links to the malware named BadPatch, which MITRE links to the Gaza Hackers threat actor group known also as Molerats.

“Our analysis shows that the Welcome Chat app allows spying upon its victims. However, it is not simple spyware. Welcome Chat is a functioning chat app that delivers the promised functionality along with its hidden espionage capacity.”

The messaging app, targeted at residents of Middle Eastern countries in which many better-known chat apps may be banned, is advertised via a website that claims the app can be downloaded via the Google Play Store and that it’s secure.

But ESET warned that this “couldn’t be further from the truth.” The app is actually an espionage tool that harvests personal data, leaves the data it collects freely available online and isn’t available on the Play Store. 

The Gaza Hackers group, also known as the Gaza Cybergang, is a politically motivated espionage group thought to operate out of the Gaza Strip. Its primary targets are the Palestinian territories, Israel and Jordan, followed by other Middle Eastern countries. 

Tricking users

When users install the app, they’re asked to allow installing apps from unknown sources, so that the app can be downloaded from a third-party source. 

Once the app is up and running, it then requests permissions to access text messages, files, device location, audio recordings and contacts. 

“Such an extensive list of intrusive permissions might normally make the victims suspicious – but with a messaging app, it’s natural they are needed for the app to deliver the promised functionality,” explained Stefanko.

However, what users don’t realise is that they’re actually allowing criminals to snoop on their personal data.

Stefanko said: "Immediately after receiving these permissions, Welcome Chat sends information about the device to its C&C [command-and-control server] and is ready to receive commands. It is designed to contact the C&C server every five minutes.

“On top of its core espionage functionality – monitoring the chat communications of its users – the Welcome Chat app can perform the following malicious actions: exfiltrating sent and received SMS messages, call log history, contact list, user photos, recorded phone calls, the GPS location of the device, and device info.”

Designed by hackers

During their investigation, ESET researchers came to the conclusion that the hackers deploying Welcome Chat developed the app themselves. 

Stefanko added: “Creating a chat app for Android is not difficult; there are many detailed tutorials on the internet. With this approach, the attackers have better control over the compatibility of the app’s malicious functionality with its legitimate functions, so they can ensure that the chat app will work.”

Android users are often targeted by malicious apps that go on to steal their data. To mitigate this risk, you should only download reputable apps from the Google Play Store, read online reviews, create unique passwords and check app permissions. 

It would also be a good idea to install and use one of the best Android antivirus apps to block infections and remove any malware that might already be installed.

  • More: Stay anonymous on your mobile with the best Android VPN apps

Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan!