PTA has released a Cyber Security Advisory warning about a Patchwork spyware campaign using romance scams to target victims.
Identified as state-sponsored espionage, the advisory details that the affected software includes Android apps such as MeetMe, Let’s Chat, Quick Chat, Rafaqat, and Wave Chat. The primary attack methods involve network and social engineering techniques.
According to PTA, the suspected Indian state-sponsored hacking group, Patchwork, has deployed at least 12 malicious Android apps through the Google Play Store. These apps, disguised as messengers and a fake news app, lure victims via romance scams. Once installed, the VajraSpy malware activates, stealing sensitive data including contacts, SMS messages, call logs, device location, and files.
The advisory highlights the advanced capabilities of the malware, which include intercepting messages from apps like WhatsApp and Signal, recording phone calls, taking pictures, logging keystrokes, and scanning for Wi-Fi networks. Patchwork is known for its history of state-sponsored cyber-espionage activities.
To safeguard against these threats, the PTA advises users to regularly review app permissions and user reviews before downloading applications, even from official stores. Utilizing mobile security solutions to detect and prevent malicious app installations is also recommended. Additionally, users should be educated about the risks of romance scams and the importance of verifying app legitimacy. Implementing multi-factor authentication can add an extra layer of security to account logins.
PTA urges users to stay informed about state-sponsored cyber threats and implement appropriate security measures. In case of a suspected compromise, users should conduct thorough security audits and follow incident response protocols. Any incidents should be reported to the PTA through the CERT Portal and via email.