Android users urged to delete chat app that can spy on you and steal your data

From Google to Samsung, Android smartphones are some of the most popular handheld devices around the world.

But if you use an Android smartphone, a new report may urge you to reassess which apps you have installed on your device.

Researchers from ESET have warned about a malicious app that can spy on you and even steal your personal data.

The app, called Welcome Chat, is a functioning chat app, but also contains dangerous malware named BadPatch.

The app is promoted on a malicious website, which claims it’s a secure chat platform available on the Google Play Store.

Lukas Stefanko, a researcher at ESET, said: “In regard to the ‘secure’ claim, nothing is further from the truth.

“Not only is Welcome Chat an espionage tool; on top of that, its operators left the data harvested from their victims freely available on the internet. And the app was never available on the official Android app store.”

If you download the app, you’ll be prompted to allow permissions such as send and view text messages, access files, record audio and access contacts and device location.

Mr Stefanko explained: “Such an extensive list of intrusive permissions might normally make the victims suspicious – but with a messaging app, it’s natural they are needed for the app to deliver the promised functionality.”

If you grant these permissions, the app is able to perform a number of malicious actions, including reading your private text messages, accessing your contact lists, and viewing your photos.

Based on the findings, the researchers are urging users not to download any apps from outside the Google Play Store.

Mr Stefanko added: “We strongly recommend that users don’t install any apps from outside the official Google Play store – unless it’s a trusted source such as a website of an established security vendor or some reputable financial institution.

“On top of that, users should pay attention to what permissions their apps require and be suspicious of any apps that require permissions beyond their functionality – and, as a very basic security measure, run a reputable security app on their mobile devices.”

Related Topics

Android Samsung