A rising threat to Android privacy
In today’s hyperconnected world, privacy on Android is under constant pressure. Security researchers at ESET have identified a cluster of twelve apps that can secretly record audio in the background. The spyware they embed, dubbed VajraSpy, uses deceptive social engineering to gain trust. Once installed, it quietly siphons contacts, messages, call logs, and precise location. The danger is not just technical; it is deeply human, exploiting emotions and loneliness.
A romance-driven trap
Attackers build convincing profiles on Facebook Messenger and WhatsApp to initiate seemingly genuine chats. After rapport is built, victims are nudged to install a “better” messaging app outside familiar channels of trust. That app is a Trojan carrying VajraSpy, engineered to persist and evade casual detection. The conversation feels personal, but the intent is purely predatory. This blend of affection and deceit is why the scheme is so effective.
“Romance is a powerful lure; in the wrong hands, it becomes a powerful weapon,” said a security analyst.
The 12 Android apps to delete now
ESET’s investigation flags these twelve apps as dangerous payloads. If any are on your device, treat them as urgent risks and remove them without delay.
- Rafaqat
- Privee Talk
- MeetMe
- Let’s Chat
- Quick Chat
- Chit Chat
- YohooTalk
- TikTalk
- Hello Cha
- Nidus
- GlowChat
- Wave Chat
The first six were available on Google Play and were downloaded over 1,400 times before removal from the official store. Side-loaded variants continue to circulate via links shared in private messages.
What VajraSpy can do
Once active, the malware can record ambient audio and capture phone calls under certain permission conditions. It can exfiltrate SMS, chat content, call history, and precise GPS data. It may harvest device metadata, such as model, OS version, and network identifiers. With accessibility or overlay misuse, it can expand its reach and hide malicious prompts. The result is sustained, covert surveillance that compromises everyday life.
Why people fall for it
The lure exploits basic human psychology, especially trust built through consistent communication. Messages feel tailored and empathetic, lowering natural defenses. Scammers pace the interaction to make the new app install feel normal and urgent. Technical red flags get overshadowed by emotional investment in the budding relationship. This is social engineering at its most intimate, and therefore most dangerous.
How to reduce your exposure
Practical habits reduce your attack surface and improve early detection. The following defensive practices are widely recommended by security experts:
- Prefer official stores and avoid links to APKs in private chats.
- Check developer names, permissions, and unusual behaviors post-install.
- Read recent user reviews and watch for consistent fraud signals.
- Keep Android updated and enable Google Play Protect.
- Limit app permissions to what’s strictly necessary.
- Use a reputable mobile security suite with real-time scanning.
Signs you may be compromised
Unusual battery drain, unexplained data usage, and persistent background activity are common clues. Unexpected microphone prompts or repeated permission requests deserve scrutiny and quick action. Notifications that briefly appear and vanish may signal stealthy processes. If your contacts receive odd messages, your device may be a staging point.
What to do after removal
If you uninstalled a suspicious app, consider a full device scan with trusted security software. Change important passwords, especially for messaging, email, and banking accounts. Review app permissions and revoke any that seem overly broad. Monitor your accounts for anomalous logins or password reset attempts.
The broader lesson
This campaign blends technical stealth with social manipulation, amplifying harm through personal trust. By understanding the lure, you strengthen your defenses before malware even reaches your phone. Awareness, cautious installation, and permission hygiene remain your most reliable allies. With a few mindful habits, you can keep your Android life private and secure.
